proposal-writer
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's primary function is to generate business documentation (sales proposals, quotes, and partnership agreements) using structured templates and best practices provided in the skill body.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and processing untrusted data to generate documents.
- Ingestion points: The skill actively prompts users to provide external data regarding clients, project requirements, and solution details in SKILL.md.
- Boundary markers: There are no explicit boundary markers or instructions to the model to ignore embedded commands within the user-provided data.
- Capability inventory: The skill utilizes the 'office-mcp' server tools including 'create_docx', 'fill_docx_template', and 'create_pptx' to generate persistent files based on the input data.
- Sanitization: No evidence of sanitization or input validation is present in the skill instructions to prevent malicious content from being interpolated into the document generation tools.
Audit Metadata