expense-report-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill possesses an indirect prompt injection surface.
- Ingestion points: Processes external data from CSV (
load_csv) and JSON (load_json) files, including fields like 'description' and 'notes' which often contain free-text. - Boundary markers: None identified in documentation or code snippets; the agent interpolates raw field data directly into report generation.
- Capability inventory: File writing (
generate_pdf,generate_html), library-based rendering (reportlab, matplotlib), and potential shell interaction if the underlying PDF generator calls system binaries. - Sanitization: No evidence of sanitization or escaping of input data before it is rendered into PDF/HTML formats, which could lead to injection if the output is further processed by an LLM.
- COMMAND_EXECUTION (SAFE): While the skill uses external libraries like
pandasandreportlab, there is no direct evidence of arbitrary command execution (os.system,subprocess) or dynamic code execution (eval,exec) in the provided snippets. The risk is limited to the underlying library vulnerabilities.
Audit Metadata