invoice-organizer
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard shell commands including find, mkdir, cp, and mv to locate, categorize, and organize invoice files. These operations are essential to the skill's primary purpose and are implemented using best practices such as copying files to preserve originals before user approval.
- [DATA_EXPOSURE]: The skill is designed to read and extract information from financial documents like invoices and receipts. While this involves processing sensitive data, the operations are performed locally on the user's files and the skill does not contain instructions to transmit this data to external servers.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes untrusted content from external invoices. There is a lack of explicit boundary markers or instructions to ignore commands within the documents. However, the skill includes a sanitization step for generated filenames (removing special characters), which helps mitigate risks associated with processing untrusted text strings.