tax-season-organizer
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill is well-structured for its intended purpose of financial data organization.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to process external financial data from connectors and user-uploaded CSV/Excel files. However, the risk is negligible as the skill lacks exploitable capabilities like arbitrary command execution, network exfiltration, or file system modifications.
- Ingestion points: Data ingested via accounting and payment connectors (e.g., ~~бухгалтерия) and user-provided CSV fallbacks as described in SKILL.md and reference/connector-queries.md.
- Boundary markers: The instructions do not define specific delimiters for separating data content from instructions, though they advise the agent on specific fields to extract.
- Capability inventory: Analysis of all referenced files confirms no usage of subprocess calls, dynamic code execution (eval/exec), or outbound network operations.
- Sanitization: The skill focuses on extracting and formatting financial data into Markdown reports; no specific sanitization logic is implemented for the raw input data.
Audit Metadata