elegant-reports
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- DATA_EXFILTRATION (SAFE): The skill transmits document content to the Nutrient DWS API for conversion. This network activity is the primary intended function of the tool. API credentials are required to be set via environment variables rather than being hardcoded.
- COMMAND_EXECUTION (SAFE): The skill's documentation provides examples for local report generation and visual testing. These operations are performed locally and do not involve the execution of untrusted remote code.
- PROMPT_INJECTION (SAFE): The skill ingests untrusted markdown data for report generation. While this creates a surface for indirect prompt injection, the risk is inherent to the report-generation use case and is mitigated by the static nature of the PDF output. [Ingestion points: generate.js (markdown input files); Boundary markers: Absent; Capability inventory: Network egress via axios and local file writing; Sanitization: Not specified].
- EXTERNAL_DOWNLOADS (SAFE): HTML templates reference Google Fonts. Since Google is a trusted organization, these external references are considered low risk and acceptable for use.
Audit Metadata