Budget Buddy Pro

Advisory

Audited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.prompt_injection_instructions

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your financial history may remain on disk and may be reused in later budgeting conversations.

Why it was flagged

The skill intentionally persists parsed bank and credit-card transaction data for later budgeting and summaries.

Skill content

Save parsed transactions to `data/transactions/YYYY-MM.json`

Recommendation

Use this only on a trusted device, keep disk encryption enabled where possible, review the data directory periodically, and delete stored statements or transaction files you no longer need.

What this means

Setup changes files and permissions in the local skill directory. The shown commands are scoped, but they are still local command execution.

Why it was flagged

The setup flow asks the user's agent to execute local shell commands to create directories, copy config, set permissions, and verify files.

Skill content

I need you to install the Budget Buddy Pro skill. Run these commands exactly:

Recommendation

Review the setup block before running it and make sure the paths match your intended workspace.

What this means

Users could over-rely on the security badge when deciding to upload sensitive financial records.

Why it was flagged

The README presents a strong security-verification claim, while the supplied artifacts do not provide independent verification beyond the package's own SECURITY.md.

Skill content

🛡️ **Codex Security Verified**

Recommendation

Treat the badge as a project claim, not independent proof; review your agent platform's data-retention policy before sharing bank statements.

Findings (1)

warn

suspicious.prompt_injection_instructions

Location

SKILL.md:20

Finding

Prompt-injection style instruction pattern detected.