report-generator
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data and reflects it directly into output formats.
  - Ingestion points: External data is ingested from files provided by the user (CSV, Excel, JSON) using functions like `pd.read_csv()` in `SKILL.md`.
  - Boundary markers: There are no explicit markers or safety instructions included in the prompts to ensure the agent ignores instructions embedded within the processed data.
  - Capability inventory: The skill has the capability to write files to the local system (`plt.savefig`, `open().write()`), which could be misused if the agent is compromised by malicious data.
  - Sanitization: Data is interpolated into HTML templates using f-strings (e.g., `<h1>{title}</h1>`) without escaping or validation, which could facilitate cross-site scripting (XSS) or the injection of malicious instructions.
Audit Metadata