geo-report-builder
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a Python script
scripts/build_report.pythat is invoked via a shell command. This script accepts a file path via the--dataargument and passes it directly to theopen()function without validation or sanitization. This is a poor security practice that could potentially lead to arbitrary file read attempts if the input path is controlled by a malicious source. - [PROMPT_INJECTION]: The report generation workflow is vulnerable to indirect prompt injection from processed data.
- Ingestion points: Metrics data is read from a JSON file in
scripts/build_report.py. - Boundary markers: No delimiters or protective markers are used when interpolating data into the final Markdown report.
- Capability inventory: The skill utilizes subprocess execution of the report builder script and subsequent processing of its output.
- Sanitization: There is no sanitization or escaping of the values retrieved from the JSON input before they are embedded into the output string, which could allow maliciously crafted data to influence agent behavior.
Audit Metadata