quarto-book
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Category 8: Indirect Prompt Injection (LOW): The skill possesses an injection surface by interpolating user-controlled strings into generated project files. Although the risk is low as the skill itself does not execute the generated content, it lacks sanitization for complex inputs. 1. Ingestion points: The name, author, and title arguments in scripts/generate.py. 2. Boundary markers: Absent; values are directly interpolated into f-string templates. 3. Capability inventory: Limited to local file system operations including directory creation (os.makedirs) and file writing (open().write()). 4. Sanitization: Absent; strings are not escaped for YAML or Markdown metadata constraints.
- General Security (SAFE): The skill performs only intended file generation tasks and does not involve external dependencies or remote code execution.
Audit Metadata