client-delivery
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from client source files (CSV, Excel, SQL) during the profiling and development phases (SKILL.md, references/schema-profiling.md). This surface lacks explicit boundary markers or sanitization, potentially allowing malicious content in these files to influence agent behavior through indirect prompt injection.
- [COMMAND_EXECUTION]: The skill manages project scaffolding and document generation by executing local Python scripts (schema_profiler.py, sample_extractor.py, etc.) and system commands such as git, sed, and pandoc (references/engagement-scaffold.md, references/deliverable-quality-report.md).
Audit Metadata