tax-loss-harvesting
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No attempts to override agent behavior or bypass safety guidelines were detected. The skill includes mandatory safety disclaimers and strictly defines its scope as general tax information.
- [DATA_EXFILTRATION]: No sensitive file access or network operations are present. The skill mentions third-party financial APIs and libraries (e.g., yfinance, Alpaca, IBKR) only for informational purposes regarding automation.
- [REMOTE_CODE_EXECUTION]: No external scripts, package installations, or remote code patterns are present in the skill instructions.
- [COMMAND_EXECUTION]: The skill contains no shell commands, subprocess calls, or system interactions.
- [OBFUSCATION]: No obfuscation techniques such as Base64, hex encoding, or zero-width characters were found in the file content.
- [INDIRECT_PROMPT_INJECTION]: While the skill instructions are designed to process user-provided financial data (positions, cost basis), the skill lacks any executable capabilities (file writes, network sends, or code execution) that could be leveraged for an attack.
- [SAFE]: The skill is a documentation-only asset that provides logic for personal finance automation without including any risky functional components.
Audit Metadata