transaction-syncing

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the ingestion of untrusted transaction data from external files.
  • Ingestion points: The workflow reads data from ~/Downloads/History_for_Account_Z05724592.csv as described in workflows/IngestTransactions.md.
  • Boundary markers: There are no boundary markers or specific instructions for the agent to ignore potentially malicious content embedded within the transaction descriptions or CSV fields.
  • Capability inventory: The skill has the ability to write to local directories (notebooks/transactions/), execute shell commands (awk, cp), and modify Google Sheets via mcp__gdrive__sheets.
  • Sanitization: No sanitization, escaping, or validation of the CSV content is performed before the data is processed or synced to the spreadsheet.
  • [COMMAND_EXECUTION]: The skill relies on shell commands for data parsing and file management.
  • Evidence: workflows/IngestTransactions.md specifies the use of awk to extract date ranges and transaction counts from CSV files, as well as cp for archiving files. SKILL.md also references the execution of a Python module via uv run for SnapTrade integration.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 02:54 PM