executive-reporting-maestro
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill acts as an ingestion point for untrusted data, which could be used for indirect prompt injection if the resulting report is processed by another AI agent.
- Ingestion points: Data is read from the local filesystem via
fs.readFileSyncbased on the user-providedinputargument insrc/index.ts. - Boundary markers: The skill lacks explicit delimiters or "ignore instructions" warnings in its report generation logic to separate ingested data from the system's own report structure.
- Capability inventory: The skill possesses capabilities for reading files (
fs.readFileSync), directory listing (fs.readdirSync), and writing files (safeWriteFile). - Sanitization: There is no evidence of sanitization, escaping, or validation performed on strings extracted from JSON results (such as error messages or recommendations) before they are interpolated into the final markdown report.
Audit Metadata