invoice-template
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE (flags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: Detected a potential surface for indirect prompt injection where untrusted data is interpolated into templates for PDF generation.
  * Ingestion points: The invoice_data dictionary in SKILL.md serves as the entry point for data that is rendered into templates.
  * Boundary markers: There are no delimiters or instructions to ignore embedded commands within the prompt or the template interpolation logic.
  * Capability inventory: The skill utilizes reportlab and weasyprint for document generation and file writing in SKILL.md.
  * Sanitization: No input validation, escaping, or filtering is implemented before the data is passed to the Jinja2 rendering engine.
- [EXTERNAL_DOWNLOADS]: The skill documentation references external repositories on GitHub, specifically nickmitchko/easy-invoice-pdf and the author's own repository claude-office-skills/skills, which are used to provide additional context and resources.
Audit Metadata