invoice-organizer
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes untrusted data extracted from invoices and receipts which could contain malicious instructions.
- Ingestion points: Reading content from PDF files and images (OCR/text extraction) as described in SKILL.md, Step 2.
- Boundary markers: Absent; the instructions do not specify the use of delimiters or specific warnings to ignore instructions embedded within the extracted text.
- Capability inventory: The skill uses shell commands including
find,mkdir,cp, andmvto organize files based on extracted data. - Sanitization: Step 4 in SKILL.md instructs the agent to "Remove special characters except hyphens" from filenames, which provides a layer of protection against command injection via malicious file metadata.
- [COMMAND_EXECUTION]: Uses local shell commands for file system management.
- Evidence: The skill utilizes
findto locate files andmkdir,cp, andmvto create the organizational structure and move files accordingly (SKILL.md, Steps 1 and 5). These commands are limited to local operations consistent with the skill's stated purpose.
Audit Metadata