sap-article-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE; categories flagged: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill utilizes Python scripts (fetch_image.py) to download images from URLs discovered via web search. This creates a surface for Server-Side Request Forgery (SSRF) if the agent is directed to internal or sensitive URLs. Evidence: fetch_image.py uses requests.get() on URLs provided by the agent.
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to execute local scripts to process images. Evidence: INTEGRATION_GUIDE.md and SKILL.md refer to running scripts/fetch_images_batch.py.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). Evidence Chain:
  1. Ingestion points: web_search results processed for article content and image URLs.
  2. Boundary markers: None identified in the provided skill files.
  3. Capability inventory: fetch_images_batch.py (network, file-write), docx skill (file-write).
  4. Sanitization: Basic path sanitization in fetch_image.py using Path.name to prevent directory traversal.