invoice-template
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the official Claude Office Skills repository for additional resources.
- [EXTERNAL_DOWNLOADS]: References an external GitHub repository (github.com/nickmitchko/easy-invoice-pdf) as a template resource.
- [EXTERNAL_DOWNLOADS]: Recommends the installation of standard Python packages from the official PyPI registry, including python-docx, openpyxl, python-pptx, reportlab, and jinja2.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the data it processes.
  - Ingestion points: Processes external invoice data, company details, and item descriptions provided by users or external sources in SKILL.md.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are used when interpolating data into templates.
  - Capability inventory: Utilizes the reportlab and weasyprint libraries to generate PDF documents from the provided data.
  - Sanitization: The provided code snippets calculate totals internally but do not include explicit logic to sanitize or escape strings before they are rendered into HTML or PDF templates.