accounting-workflow

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits the contents of PDF bank statements to the Reducto API (platform.reducto.ai) for OCR-based data extraction. This is a documented part of the processing workflow for scanned documents.\n- [EXTERNAL_DOWNLOADS]: Fetches processed transaction data and structured tables from Reducto's cloud infrastructure during the ingestion phase.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the bank statement processing surface. \n
  • Ingestion points: Bank statement descriptions extracted in scripts/extract_bank_statements_reference.py.\n
  • Boundary markers: None identified in the extraction or classification scripts.\n
  • Capability inventory: Subprocess execution of Python scripts and file writing (Excel/PDF) in the scripts/ directory.\n
  • Sanitization: None; transaction descriptions are written directly to Excel cells in scripts/build_workpapers_reference.py without escaping characters that trigger formulas (e.g., =, +, -, @), creating a risk of formula injection when the generated workbook is opened.\n- [COMMAND_EXECUTION]: Utilizes the Bash tool to run local Python scripts that handle core accounting logic, Excel generation, and PDF reporting.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 09:55 AM
Security Audit — agent-trust-hub — accounting-workflow