insights-deck
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) because it reads and processes external data to influence its output.
  - Ingestion points: The skill reads the content of log/insights/YYYY-MM-DD/insights-YYYY-MM-DD-log.html.
  - Boundary markers: There are no specified delimiters or instructions to ignore malicious content within the HTML source.
  - Capability inventory: The agent has access to Bash (for compilation and file management), Write, and Edit tools.
  - Sanitization: The instructions do not specify any sanitization or escaping of the HTML content before it is used to generate the LaTeX source code.
- [COMMAND_EXECUTION]: The skill performs dynamic execution by generating configuration and source files at runtime.
  - Evidence: It creates a .latexmkrc configuration file containing Perl code and generates a .tex document based on the extracted insights.
  - Evidence: It executes shell commands via Bash to run latexmk, which in turn executes the generated configuration and document source.