privacy-notice-generator
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts, `privacy_notice_scaffolder.py` and `notice_compliance_checker.py`, to generate templates and validate privacy notice text. These scripts rely on standard Python libraries and do not perform network operations or sensitive system modifications.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because the `notice_compliance_checker.py` script ingests and processes untrusted data from external files. Maliciously crafted privacy notices could contain instructions intended to mislead the agent when it reviews the script's output.
  - Ingestion points: `scripts/notice_compliance_checker.py` (reads content from the file path provided in `notice_file`).
  - Boundary markers: Absent; the script analyzes the full content of the provided file.
  - Capability inventory: The agent can execute local scripts and read files. The scripts themselves are limited to string processing and regex validation.
  - Sanitization: Absent; input text is processed directly using regular expressions without validation or escaping of potential prompt injection patterns.
Audit Metadata