money-review-customer

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill reads from local application directories (e.g., ~/.smtm/sessions/ and ~/.smtm/projects/). This behavior is intended for loading project state and customer learning data required for the review process.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from external plan files and learning logs (learnings.jsonl).
  • Ingestion points: Files located at ~/.smtm/projects/{slug}/learnings.jsonl and user-specified plan files.
  • Boundary markers: Not explicitly defined in the provided instructions.
  • Capability inventory: Performs file system reads within specific application paths; no command execution or network exfiltration patterns found in this file.
  • Sanitization: No explicit sanitization or validation of the ingested content is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 03:34 PM
Security Audit — agent-trust-hub — money-review-customer