israeli-client-payment-chaser
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection (Category 8).
- Ingestion points: Data enters the agent's context through the import of invoices from external sources like
israeli-e-invoiceor manual entry as described inSKILL.md(Step 1). - Boundary markers: The instructions lack delimiters or specific warnings to ignore potential instructions embedded within the processed invoice data.
- Capability inventory: The skill is granted access to the
Bash(python:*)tool for data management andWebFetchfor retrieving financial and calendar data from external sites (e.g.,boi.org.il). - Sanitization: There is no mention of sanitizing or validating external input before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill is configured with
Bash(python:*)inallowed-tools. It uses this capability to store tracking data inpayment-chaser-data.jsonand generate reports. This is a functional requirement for the skill's purpose but contributes to the potential impact of indirect injection vulnerabilities.
Audit Metadata