invoice-organizer

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes untrusted data extracted from invoices and receipts which could contain malicious instructions.
  • Ingestion points: Reading content from PDF files and images (OCR/text extraction) as described in SKILL.md, Step 2.
  • Boundary markers: Absent; the instructions do not specify the use of delimiters or specific warnings to ignore instructions embedded within the extracted text.
  • Capability inventory: The skill uses shell commands including find, mkdir, cp, and mv to organize files based on extracted data.
  • Sanitization: Step 4 in SKILL.md instructs the agent to "Remove special characters except hyphens" from filenames, which provides a layer of protection against command injection via malicious file metadata.
  • [COMMAND_EXECUTION]: Uses local shell commands for file system management.
  • Evidence: The skill utilizes find to locate files and mkdir, cp, and mv to create the organizational structure and move files accordingly (SKILL.md, Steps 1 and 5). These commands are limited to local operations consistent with the skill's stated purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 04:11 AM
Security Audit — agent-trust-hub — invoice-organizer