israeli-client-payment-chaser

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection (Category 8).
  • Ingestion points: Data enters the agent's context through the import of invoices from external sources like israeli-e-invoice or manual entry as described in SKILL.md (Step 1).
  • Boundary markers: The instructions lack delimiters or specific warnings to ignore potential instructions embedded within the processed invoice data.
  • Capability inventory: The skill is granted access to the Bash(python:*) tool for data management and WebFetch for retrieving financial and calendar data from external sites (e.g., boi.org.il).
  • Sanitization: There is no mention of sanitizing or validating external input before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill is configured with Bash(python:*) in allowed-tools. It uses this capability to store tracking data in payment-chaser-data.json and generate reports. This is a functional requirement for the skill's purpose but contributes to the potential impact of indirect injection vulnerabilities.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 09:14 PM
Security Audit — agent-trust-hub — israeli-client-payment-chaser