close-month
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- External Data Processing: The skill ingests transaction records from QuickBooks and payment processors (Stripe, PayPal, Square) to perform reconciliation. While this involves processing external data, the workflow is confined to established financial APIs.
- Human-in-the-Loop Controls: Security is enhanced by 'Approval Gates' that prevent the automated deletion or categorization of records. The skill requires explicit user confirmation for these actions, which mitigates risks associated with data integrity.
- File Operations: It uses system capabilities to generate and save formatted financial reports (Excel/PDF) to the user's chosen storage locations (e.g., local desktop or cloud drives). This is consistent with the skill's primary purpose of creating a 'close packet.'
- Indirect Prompt Injection Consideration: Because the skill processes vendor names and transaction notes, there is a potential surface for indirect prompt injection from external transaction data. However, the requirement for human review before any significant action and the narrow scope of the narrative generation make this a low-risk consideration.
Audit Metadata