invoice-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious patterns such as prompt injection, credential exfiltration, or remote script execution were identified. The skill performs standard local file processing for document generation.
- Indirect Prompt Injection (SAFE): The skill exposes a surface for processing external data, which is typical for its function. 1. Ingestion points: invoices.csv and invoice.json as mentioned in SKILL.md. 2. Boundary markers: Not specified in the documentation. 3. Capability inventory: Generates PDF files and saves them to the local disk using reportlab as mentioned in SKILL.md. 4. Sanitization: Not explicitly documented, but the risk of exploitation is minimal as the output format is a static PDF layout.
Audit Metadata