pp-monarch-money

Warn

Audited by Snyk on Jun 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The skill runs the monarch-money-pp-cli binary, which at runtime makes read-only GraphQL requests to the user’s Monarch account and ingests the returned account/transaction/tag text into the agent context; this is outsider-authored content (Monarch’s data) delivered via the CLI’s runtime output.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is a CLI specifically for Monarch Money (a financial app) and includes explicit transaction mutation commands: transactions create, transactions update, transactions set-tags, and transactions delete. It supports authenticated sessions/tokens and can apply writes (mutations) to the user's Monarch data (amount, date, category, etc.). Although writes default to dry-run, passing --yes sends the mutation. These are first-class, finance-specific write operations rather than generic tooling, so the skill grants direct financial execution capability.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 15, 2026, 07:34 PM
Issues
2
Security Audit — snyk — pp-monarch-money