TransactionSyncing
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implementation follows the stated goal of syncing Fidelity transactions to Google Sheets without exhibiting suspicious behaviors or unnecessary privilege requests.
- [DATA_EXPOSURE]: The skill accesses sensitive financial information by reading transaction history CSV files from the local directory notebooks/transactions/. This operation is the primary purpose of the skill and is triggered by specific user requests for transaction syncing.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted merchant descriptions and transaction data from external CSV files, which are then used to generate summary reports and update spreadsheets. This ingestion of external data constitutes a potential surface for indirect prompt injection.
- Ingestion points: Local Fidelity transaction CSV files in notebooks/transactions/.
- Boundary markers: None identified for delimiting CSV content during processing.
- Capability inventory: The skill has the capability to read and write to Google Sheets using the mcp__gdrive__sheets tool.
- Sanitization: The processing logic includes truncating transaction descriptions to 50 characters, which limits the potential impact of instructions embedded within the data.