Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local shell script
./tools/pdf-generator/generate-pdf.shusing user-provided file paths for the input and output parameters. This design creates a surface for command injection if the underlying script does not properly sanitize shell metacharacters in the input strings. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external markdown files. Ingestion points: Untrusted markdown files passed as the [input] argument. Boundary markers: None identified in the skill workflow. Capability inventory: Execution of subprocesses via the generator script and filesystem read/write access. Sanitization: No sanitization or validation of the markdown content is described prior to conversion.
- [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing
weasyprintviapipandpandocvia Homebrew. These are well-known, trusted document processing utilities from reputable package registries.
Audit Metadata