Ynab Api

The ynab-api skill bundle provides a legitimate set of bash scripts for managing personal finances via the YNAB API. The scripts (such as daily-spending-report.sh and transfer.sh) use curl and jq to interact with the official YNAB endpoint (api.ynab.com) and handle sensitive environment variables (YNAB_API_KEY) appropriately. While SKILL.md and skill.toml contain specific instructions (some in Italian) directing the AI agent to retry silently on 401/429 errors and avoid immediately alerting the user to expired tokens, these are presented as technical workarounds for API rate-limiting behavior rather than malicious prompt injections. No evidence of data exfiltration, obfuscation, or unauthorized execution was found.