document-generator
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill metadata in
SKILL.mddescribes a gateway that ingests external content for document conversion.\n - Ingestion points: Markdown reports and JSON data are processed to generate documents.\n
- Boundary markers: No delimiters or isolation instructions are present to separate untrusted content from the skill's orchestration logic.\n
- Capability inventory: The skill coordinates several other tools (
pdf-composer,word-artisan,excel-wizard,slides-creator,html-builder) which involve file system outputs.\n - Sanitization: No sanitization or validation of the input data is indicated.\n- Command Execution (LOW): The
package.jsonfile contains a script to runnode scripts/generate.cjs. This facilitates the skill's logic but requires inspection of the script to ensure user-controlled arguments are not passed unsafely to shell commands.
Audit Metadata