pp-lunch-money

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of external software from the author's repositories using npx -y @mvanhorn/printing-press or go install github.com/mvanhorn/printing-press-library/....
  • [DATA_EXFILTRATION]: The CLI tool includes a --deliver webhook:<url> feature. This capability allows the agent to send command outputs, which may contain sensitive financial data such as transactions, balances, and net worth, to any arbitrary external URL.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) by processing untrusted data.
  • Ingestion points: Merchant names, transaction notes, and category descriptions are retrieved via transactions, triage, and summary commands.
  • Boundary markers: The skill does not implement delimiters or provide instructions for the agent to ignore potentially malicious content within these data fields.
  • Capability inventory: The agent can write data to local files, send it to external webhooks, and execute shell commands through the Read Bash tool.
  • Sanitization: There is no documented sanitization of ingested financial data before it is presented to the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
May 23, 2026, 10:40 AM
Security Audit — agent-trust-hub — pp-lunch-money