vat-declaration-prep
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides structured instructions for manual or semi-automated financial data reconciliation. It does not contain executable code, remote dependencies, or obfuscation.
- [DATA_EXPOSURE]: The skill instructions include a step to read a local configuration file (
../../CLAUDE.md). This is documented as a procedure for obtaining scene-level configuration (e.g., taxpayer status, tax rates) and does not constitute unauthorized access. - [PROMPT_INJECTION]: The skill processes data from external sources (Invoices, ERP, Tax Platforms). This constitutes an indirect prompt injection surface. However, since the skill defines no autonomous execution capabilities or network operations, the risk is minimal.
- Ingestion points: Data from [INV], [TAX-VAT], and [ERP] systems as described in the reconciliation logic in SKILL.md.
- Boundary markers: Absent.
- Capability inventory: None (SKILL.md contains instructions only, no executable scripts).
- Sanitization: Not specified.
Audit Metadata