extract-bank-statement

Pass

Audited by Gen Agent Trust Hub on Jul 8, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface detected. The skill is designed to ingest and process data from external, untrusted bank statement files (PDF and CSV).
  • Ingestion points: SKILL.md (Step 0, Step 2, Step 5) identifies reading and parsing user-provided bank documents.
  • Boundary markers: None explicitly defined to isolate input data from instructional context.
  • Capability inventory: SKILL.md instructions include executing local Python scripts via subprocess calls and writing data to .xlsx and .json files on the local file system.
  • Sanitization: The skill employs mitigation strategies such as using programmatic text extraction (pdfplumber) and regex adapters instead of direct LLM vision/text interpretation, and includes mandatory balance-proof reconciliation to detect data manipulation or parsing errors.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 8, 2026, 08:04 PM
Security Audit — agent-trust-hub — extract-bank-statement