report-generator
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Python code that uses pandas and matplotlib to read CSV files and write report outputs (PNG, HTML). These operations are standard for a report generation tool and do not involve suspicious system calls.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes external data files like CSV and JSON. Ingestion points: Data is loaded via pandas.read_csv from external files. Boundary markers: No delimiters or ignore instructions are present in the processing logic. Capability inventory: The skill can write files to the disk and use MCP tools to create document files. Sanitization: No sanitization is performed on the data before it is interpolated into HTML templates. However, given the local nature of the skill and its primary purpose, this risk is considered low.
Audit Metadata