pdf-report

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill orchestrates report generation by executing local Python scripts including pdf-generator.py, campaign-tracker.py, performance-monitor.py, and competitor-tracker.py with data payloads.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting and processing data from external, untrusted sources to generate narrative summaries.
    • Ingestion points: Data is retrieved from external analytics MCPs (Google Analytics, Google Ads, Meta) and competitive intelligence via competitor-tracker.py as described in Step 2 of the process.
    • Boundary markers: There are no defined delimiters or 'ignore' instructions specified to separate ingested data from the agent's core instructions.
    • Capability inventory: The skill possesses the ability to execute subprocesses and write formatted files to the local file system via the execution-coordinator agent.
    • Sanitization: No sanitization or validation logic is mentioned to filter or escape external content before it is used to generate narratives or passed to the PDF generation script.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 01:02 PM