report-generator

Fail

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill possesses a high-risk attack surface where untrusted data from external files is ingested and used to generate output files with side effects.
  • Ingestion points: The generate and weekly commands in scripts/main.py (lines 32, 34, 57) read data from user-supplied JSON and CSV files.
  • Boundary markers: No boundary markers or 'ignore' instructions are used when processing the data content.
  • Capability inventory: The skill has the capability to write files to the local filesystem (Path(output).write_text(html) in main.py). If used within an agent pipeline, the resulting HTML could influence downstream agent decisions.
  • Sanitization: Completely absent. The functions generate_report_html and generate_weekly_html use Python f-strings to interpolate raw data values directly into HTML tags (e.g., <td>{v}</td>). This allows an attacker to inject arbitrary HTML, script tags, or malicious instructions into the report.
  • Unverifiable Dependencies (LOW): The skill references weasyprint in SKILL.md for PDF generation, which has a complex dependency tree (including system libraries like Pango/GObject), though it is a well-known package.
  • Metadata Integrity (INFO): The metadata claims the skill uses jinja2, but the actual implementation in main.py uses unsafe f-string concatenation instead of Jinja2's auto-escaping templates, which would have been a safer choice.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 13, 2026, 03:24 PM