pp-xero

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests data from external JSON fixture files, creating a vulnerability surface for indirect prompt injection where malicious instructions within the data could influence agent behavior.
      • Ingestion points: local JSON files (e.g., accounts.json, trial_balance.json) provided via the --fixture flag in SKILL.md.
      • Boundary markers: none present in instructions to distinguish data from instructions.
      • Capability inventory: executes xero-pp-cli subprocesses.
      • Sanitization: none identified in the skill instructions.
  • [COMMAND_EXECUTION]: The skill utilizes the xero-pp-cli tool to interact with local data. While used for the primary purpose of data inspection, this involves shell-level execution of a CLI utility.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 14, 2026, 07:33 PM