weekly-report
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to interpolate untrusted user data into structured report templates.
  - Ingestion points: User input regarding weekly accomplishments, blockers, and future plans in SKILL.md.
  - Boundary markers: Absent. The skill does not use delimiters or provide system instructions to ignore embedded commands within the input data.
  - Capability inventory: The skill utilizes the office-mcp server tools (create_docx and fill_docx_template) which likely perform file-system operations.
  - Sanitization: Absent. There is no evidence of filtering or validation of the user input before it is used in the report templates.