weekly-report-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8) through Git logs.
  - Ingestion points: The skill reads commit messages from local Git repositories via get_git_logs.py (referenced in SKILL.md).
  - Boundary markers: Absent. There are no delimiters or instructions in references/report-prompts.md telling the agent to treat commit data as untrusted.
  - Capability inventory: The skill can write files (fill_template.py) and spawn sub-agents via the Task tool, both of which could be abused if the agent obeys instructions embedded in commit messages.
  - Sanitization: None detected. Semantic 'cleaning' of technical terms does not prevent instruction following.
- [COMMAND_EXECUTION] (MEDIUM): The workflow requires the agent to execute multiple Python scripts (orchestrate_reports.py, parse_time.py, analyze_template.py, fill_template.py) with arguments that include user-provided file paths. This presents a risk of path traversal or unintended file access if the agent does not strictly validate those paths before execution.
- [DATA_EXFILTRATION] (LOW): The scripts access Git repositories and local files. The provided code contains no network calls, but an agent compromised via indirect injection could exfiltrate data using other tools available in its environment.
Recommendations
- AI detected serious security threats
Audit Metadata