project-status
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Analysis of the skill instructions reveals no malicious intent, obfuscation, or unauthorized access patterns. The skill is restricted to read-only operations on project data.
- [DATA_EXPOSURE]: The skill reads files from a specific local directory (~/.config/finance-skills/projects/{code}/). While this involves file system access, it is constrained to project metadata and does not attempt to access sensitive directories such as SSH keys or cloud provider configurations.
- [PROMPT_INJECTION]: The skill processes external data from project files (e.g., project.md, timeline.md). This creates a surface for indirect prompt injection where malicious text in those files could attempt to influence agent behavior. However, given the skill's lack of executable capabilities (no shell, no network), the risk is minimal and restricted to output manipulation.
Audit Metadata