geo-citation-writer
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user input and includes it in files written to the disk, creating a vulnerability surface for indirect prompt injection.
- Ingestion points: User input is ingested via the
--topicargument in thescripts/generate_content.pyscript. - Boundary markers: The skill lacks boundary markers or instructions to isolate user input from the generated content structure.
- Capability inventory: The
scripts/generate_content.pyscript has the capability to write and overwrite arbitrary files on the local file system using the--outputargument. - Sanitization: No input validation or sanitization is performed on the topic or output path.
- [COMMAND_EXECUTION]: The skill documentation instructs the agent to execute Python scripts that perform file system operations. This includes
scripts/generate_content.pyand a batch processing script mentioned in the documentation, both of which can write to user-controlled paths, posing a risk of unauthorized file modification if the agent is directed to use sensitive system paths.
Audit Metadata