transaction-categorizer

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, command executions, or data exfiltration vectors were identified in the skill. The instructions are focused entirely on the stated purpose of transaction categorization.
  • [DATA_EXFILTRATION]: While the skill processes sensitive financial data, it does not contain any network tools, external URL references, or commands that could be used to transmit data outside the environment. It correctly distinguishes between raw data and match-normalized strings to preserve audit trails.
  • [PROMPT_INJECTION]: The skill handles transaction descriptions, which are untrusted external inputs. This creates a surface for indirect prompt injection. However, the risk is negligible as the skill lacks high-privilege capabilities and includes robust guardrails.
    • Ingestion points: Ingests raw data through the transactions array in the Input Contract.
    • Boundary markers: None explicitly defined in the prompt for the data payload.
    • Capability inventory: No network operations, file-system writes, or subprocess execution capabilities exist in the skill's instructions.
    • Sanitization: Step 1 (Normalize) provides rudimentary string cleaning by stripping specific prefixes and non-essential characters, though it does not provide full prompt injection sanitization.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 20, 2026, 09:16 AM