transaction-syncing
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the ingestion of untrusted transaction data from external files.
- Ingestion points: The workflow reads data from
~/Downloads/History_for_Account_Z05724592.csvas described inworkflows/IngestTransactions.md. - Boundary markers: There are no boundary markers or specific instructions for the agent to ignore potentially malicious content embedded within the transaction descriptions or CSV fields.
- Capability inventory: The skill has the ability to write to local directories (
notebooks/transactions/), execute shell commands (awk,cp), and modify Google Sheets viamcp__gdrive__sheets. - Sanitization: No sanitization, escaping, or validation of the CSV content is performed before the data is processed or synced to the spreadsheet.
- [COMMAND_EXECUTION]: The skill relies on shell commands for data parsing and file management.
- Evidence:
workflows/IngestTransactions.mdspecifies the use ofawkto extract date ranges and transaction counts from CSV files, as well ascpfor archiving files.SKILL.mdalso references the execution of a Python module viauv runfor SnapTrade integration.
Audit Metadata