monthly-invoice-summary
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to summarize existing project data (Git history and notes) for professional use. It does not introduce any security risks.
- [COMMAND_EXECUTION]: The skill utilizes `git log` to retrieve project commit history. This is a standard and benign use of project metadata for summarizing developer work.
- [PROMPT_INJECTION]: The skill ingests external content from Git commit messages and user notes, creating a surface for indirect prompt injection.
- Ingestion points: Git commit logs (Step 2) and user-provided time sheet notes (Step 3).
- Boundary markers: Not explicitly used to delimit external data, though instructions are focused on synthesis.
- Capability inventory: Limited to local file reading and text summarization; no network or high-privilege system tools are utilized.
- Sanitization: None.
- [DATA_EXFILTRATION]: The skill does not access sensitive system files (e.g., SSH keys, AWS credentials) and performs no network requests to external domains.
Audit Metadata