pp-monarch-money

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the monarch-money-pp-cli tool using NPM (@mvanhorn/printing-press-library) or Go (github.com/mvanhorn/printing-press-library). These resources belong to the vendor and represent standard installation procedures for the skill's dependencies.
  • [COMMAND_EXECUTION]: The skill is designed to drive the monarch-money-pp-cli binary. It executes various subcommands for data retrieval (accounts, tags, transactions, cashflow) and data modification (transactions create/update/delete). Modification commands are protected by a mandatory dry-run step unless the --yes flag is explicitly provided.
  • [DATA_EXFILTRATION]: The CLI tool facilitates communication with Monarch Money's external GraphQL API to manage financial data. This network activity is the primary intended purpose of the skill.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection as it retrieves data from an external source (Monarch Money). If a transaction note or merchant name contains malicious instructions and the agent processes this data without sufficient sanitization, it could influence the agent's subsequent behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 15, 2026, 07:34 PM