money-review-customer
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill reads from local application directories (e.g.,
~/.smtm/sessions/and~/.smtm/projects/). This behavior is intended for loading project state and customer learning data required for the review process. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from external plan files and learning logs (
learnings.jsonl). - Ingestion points: Files located at
~/.smtm/projects/{slug}/learnings.jsonland user-specified plan files. - Boundary markers: Not explicitly defined in the provided instructions.
- Capability inventory: Performs file system reads within specific application paths; no command execution or network exfiltration patterns found in this file.
- Sanitization: No explicit sanitization or validation of the ingested content is mentioned.
Audit Metadata