business-document-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes user-provided data via JSON files to generate PDF documents.
  - Ingestion points: The scripts/generate_document.py script reads data from a JSON file which may contain untrusted user input.
  - Boundary markers: Absent; user data is directly mapped to document fields.
  - Capability inventory: The skill is capable of writing PDF files to the local file system using pypdf and reportlab.
  - Sanitization: No sanitization is performed on the input strings before they are embedded into the generated PDF files.
- [Unverifiable Dependencies] (SAFE): The skill relies on standard, well-known Python packages (pypdf, reportlab) for PDF generation, which is a routine and expected behavior for this use case.