Bookkeeper
Pass
Audited by VirusTotal on May 12, 2026.
Findings (1)
The skill is designed for legitimate bookkeeping automation, orchestrating sensitive APIs (Gmail, Stripe, Xero) and handling API keys. However, the `SKILL.md` file includes a 'Preflight' step that instructs the agent to execute shell commands (`echo "$MATON_API_KEY" | wc -c` and `echo "$DEEPREAD_API_KEY" | wc -c`). While these commands are currently used for a benign diagnostic check (verifying key presence by character count), they demonstrate the agent's capability to directly access and process sensitive environment variables via shell commands. This capability, even without malicious intent in the current instructions, represents a high-risk behavior that could be leveraged for credential exfiltration or other attacks if the agent were later subjected to prompt injection.
