generate-pdf
Warn
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to construct Python commands by interpolating user-controlled arguments, specifically '' and '', directly into Python source code strings. This pattern is susceptible to arbitrary Python code injection if the provided arguments contain line breaks or single quotes that terminate the intended string literal.
- [COMMAND_EXECUTION]: The skill executes external Python scripts from paths relative to the skill root, such as '../pdf-factory/scripts/render.py'. Reliance on scripts located outside the skill's own directory structure introduces a dependency on the environment's file system state which could be manipulated to execute unauthorized code.
- [PROMPT_INJECTION]: The skill processes untrusted external markdown data, creating an indirect prompt injection surface.
  - Ingestion points: The content of the user-provided markdown file is read and parsed in step 4.
  - Boundary markers: No delimiters or explicit instructions are provided to the agent to prevent it from interpreting data within the markdown as its own instructions.
  - Capability inventory: The skill possesses 'Bash', 'Read', and 'Write' capabilities, providing multiple vectors for an attacker to exploit if the agent is successfully injected.
  - Sanitization: Input markdown is passed to the standard 'markdown' library without prior sanitization or filtering of potential agent instructions.