israeli-freelancer-ops
Warn
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill requires access to and usage of sensitive credentials for various Israeli utility portals (IEC, Bezeq, Partner, etc.) to automate bill collection. It also instructs the agent to export the freelancer's profile—containing business type, tax obligations, and revenue tracking—to a local JSON file (
freelancer-profile.json) if persistent memory is unavailable, creating a risk of sensitive data exposure in the working directory. - [COMMAND_EXECUTION]: The skill utilizes browser automation (CDP) to navigate external portals, handle logins, and download documents. While restricted to utility collection in the instructions, the underlying capability to control a browser session and interact with external sites poses a security risk if the agent's instructions are subverted.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it ingests and processes untrusted external data:
- Ingestion points: Reads downloaded PDF utility bills, bank statements, and client-provided invoices during the generation of accountant packages.
- Boundary markers: The instructions lack explicit delimiters or warnings to ignore embedded instructions within the processed documents.
- Capability inventory: The agent has capabilities for browser automation (CDP), file system writes (generating JSON profiles and accountant ZIP files), and network access to utility portals.
- Sanitization: There is no mention of sanitizing or validating the content of the extracted data before it is used for reporting or further automation steps.
Audit Metadata