money-review-investor
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted business plans and project history files from local storage without implementing boundary markers or explicit instructions to ignore embedded commands. This creates an attack surface for indirect prompt injection. 1. Ingestion points: Reads plan files and learnings.jsonl from disk. 2. Boundary markers: Absent. 3. Capability inventory: Produces text-based analysis and recommends subsequent commands but contains no internal logic for code execution or network requests. 4. Sanitization: None identified.
- [SAFE]: No malicious patterns such as data exfiltration, remote code execution, credential harvesting, or unauthorized privilege escalation were identified. The skill's operations are consistent with its documented purpose.
- [SAFE]: File system access is targeted at project-specific snapshots and logs within the ~/.smtm/ directory, which is appropriate for maintaining session context and does not target sensitive system configuration files.
Audit Metadata