israeli-bank-connector

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted merchant descriptions from bank statements and presents them to the AI agent.
  • Ingestion points: Transaction data enters the system through the scripts/categorize_transactions.py script, which accepts JSON input via the --json command-line argument.
  • Boundary markers: The instructions and script do not implement boundary markers or delimiters (such as XML tags or explicit 'ignore' warnings) to isolate external merchant data from the agent's instructions.
  • Capability inventory: The categorization script (scripts/categorize_transactions.py) does not contain dangerous capabilities; it relies on standard Python libraries (re, json, argparse) and does not perform file writes, network calls, or subprocess execution.
  • Sanitization: No sanitization, escaping, or filtering is performed on the merchant description strings before they are processed by regex or included in the spending analysis summary generated for the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 07:01 AM
Security Audit — agent-trust-hub — israeli-bank-connector