Skills
skills/hoangvantuan/claude-plugin/proposal-generator/Gen Agent Trust Hub

proposal-generator

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to its core functionality of processing external data.
  • Ingestion points: Instructions in SKILL.md (Phase 2) require the agent to ingest data from untrusted sources via web_search and potentially sensitive user data via tool_search (Google Drive, Gmail).
  • Boundary markers: The prompts lack instructions to use delimiters or ignore embedded directives in the retrieved data, which could lead to instructions in external content being obeyed by the agent.
  • Capability inventory: The agent has the capability to write various file formats (.md, .docx, .pptx) and execute code for document generation, which could be abused if an injection occurs.
  • Sanitization: No input validation or sanitization requirements are defined for the data processed during the research phase.
  • [SAFE]: The skill utilizes standard, reputable libraries for its document export features, including python-docx, python-pptx, and PptxGenJS.
  • [SAFE]: No obfuscation, persistence mechanisms, or unauthorized credential access patterns were identified in the analyzed files.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 02:33 PM