smart-intake

Pass

Audited by Gen Agent Trust Hub on Jul 8, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to process external, untrusted documents (bank statements, receipts, and invoices) provided by users. This ingestion represents an indirect prompt injection surface where malicious instructions hidden in document text could attempt to manipulate the agent's behavior during extraction or classification stages. \n
  • Ingestion points: Step 2 involves the agent reading and inventorying high-signal documents like PDF/CSV bank statements and invoices. \n
  • Boundary markers: The skill instructions do not define specific delimiters or security headers to isolate document content from the agent's primary instructions. \n
  • Capability inventory: The skill allows the agent to write several files to the workspace (source/register.md, engagement_state.json, README.md, workpapers/transactions.json) and execute extraction tools. \n
  • Sanitization: No explicit sanitization, filtering, or validation steps for extracted text are mentioned before the data is processed by the AI.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 8, 2026, 08:04 PM
Security Audit — agent-trust-hub — smart-intake