skills/damacus/skills/accounting-sync/Gen Agent Trust Hub

accounting-sync

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on external CLI tools (gws, freeagent-cli, and paperless) to perform its core functions. These tools are used to interact with the user's Google Workspace, FreeAgent accounting software, and Paperless-ngx document manager.
  • [DATA_EXPOSURE]: The instructions include a hardcoded local file path (/Users/damacus/receipts/paperless/) for staging downloaded PDF files. While this reveals a specific user directory, it is used solely for local file operations necessary for the skill's workflow.
  • [PROMPT_INJECTION]: The skill processes untrusted data from Gmail message bodies and bank transaction descriptions, which constitutes a potential surface for indirect prompt injection. However, the skill mitigates risk by implementing specific validation steps, such as verifying file types using the file command and matching amounts and vendors before performing any mutations (uploads or attachments).
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 01:59 PM
Security Audit — agent-trust-hub — accounting-sync