cve-watchlist-action-recommendation-generator
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external CVE scan results (JSON/SARIF). Maliciously crafted text within vulnerability titles or descriptions in the source scan files could influence the agent's report generation or subsequent actions.
- Ingestion points: The scripts scripts/parse_scan_results.py and scripts/calculate_risk_score.py read untrusted data from various security scan result files.
- Boundary markers: The skill does not implement explicit delimiters or instructions to ignore embedded commands within the processed data.
- Capability inventory: The skill focuses on data processing and report generation (markdown output); it does not exhibit dangerous capabilities such as network access or arbitrary command execution based on the ingested content.
- Sanitization: There is no evidence of string sanitization or validation of fields like 'description' or 'title' before they are used to generate the final report.
Audit Metadata