szamlazz-invoicing
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill mentions external dependencies and installation paths from a GitHub repository belonging to the SocialPro organization (
github.com/socialproKGCMG/socialpro-szamlazz). This is consistent with the skill's purpose as an automation tool for a specific service. - [DATA_EXFILTRATION]: While the skill interacts with the szamlazz.hu API, the description explicitly states that the API key is stored in the OS credential store and is never echoed to the user. This follows security best practices for credential management.
- [COMMAND_EXECUTION]: The skill provides installation commands (
/plugin install) which are standard for adding functionality to the agent environment. No arbitrary or hidden commands were detected. - [SAFE]: The skill includes explicit security measures such as mandatory user confirmation before issuing legal documents (invoices) and localized error handling. The use of the
Decimallibrary for financial calculations indicates a focus on data integrity.
Audit Metadata