financial-analysis

Fail

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: HIGHDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Access to sensitive personal documents. The skill is designed to read and parse highly private files from the user's local vault, including transcriptions of bank statements (Kontoauszuge), employment contracts (Arbeitsvertrag), and pension status reports (Standmitteilungen) stored in the finance/docs/ and finance/data/ directories.
  • [PROMPT_INJECTION]: Indirect prompt injection surface via web search. The instructions in SKILL.md direct the agent to perform web searches for current mortgage rates, property prices, and tax thresholds. This introduces untrusted external content into the agent's context while it holds sensitive personal data, creating an attack surface for malicious web pages to influence agent behavior.
  • [DATA_EXFILTRATION]: Risk of data leakage in tool output. When the agent uses web search to compare financial products or verify rates, there is a risk it may include specific values or terms from the user's private documents in the search queries sent to external providers.
  • [PROMPT_INJECTION]: Mandatory evidence chain for indirect injection surface: 1. Ingestion points: Local files in finance/data/ and finance/docs/, and results from the web search tool. 2. Boundary markers: Absent; the skill does not specify delimiters or instructions to ignore embedded commands in processed data. 3. Capability inventory: Local file reading, file writing to finance/reports/, and web search tool access. 4. Sanitization: Absent; no procedures are defined for validating or escaping external content before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 22, 2026, 10:44 PM
Security Audit — agent-trust-hub — financial-analysis