Fiscal

Pass. Audited by VirusTotal on May 12, 2026.

Findings (1)

The skill is classified as suspicious due to several high-risk capabilities that, while intended for legitimate financial management, could be exploited by a malicious user through prompt injection or shell injection. Key indicators include the instruction to execute `fscl login [server-url] --password <pw>` (SKILL.md, references/command-reference.md), which could be manipulated to exfiltrate user passwords to an arbitrary server URL. Additionally, the agent is instructed to construct `fscl` commands using user-provided input (e.g., names for accounts/categories), creating a shell injection risk if the agent lacks robust input sanitization. The `fscl query --inline <expr>` command (references/query-library.md) also allows arbitrary query execution, which could be a vector for abuse if the AQL language has unforeseen capabilities or vulnerabilities. Finally, importing user-provided files via `fscl transactions import <file>` (references/import-guide.md) presents a risk if file parsing vulnerabilities exist in `fscl`.