skills/jimmc414/kosmos/reportlab/Gen Agent Trust Hub

reportlab

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface because it interpolates untrusted data directly into ReportLab paragraphs without sanitization. ReportLab interprets XML-like tags (e.g., , , ), which could allow an attacker to inject malicious formatting, external links, or reference local files.
  • Ingestion points: Untrusted data enters via company_info, client_info, notes, and terms in assets/invoice_template.py, and through content_blocks in scripts/quick_document.py.
  • Boundary markers: Absent. The code does not use delimiters or specify instructions for the agent to ignore or escape tags within the data.
  • Capability inventory: The skill can write files to disk (doc.build) and access the local file system to embed images (via the logo_path argument or <img> tags).
  • Sanitization: Absent. Although the included references/text_and_fonts.md documentation correctly identifies the risk and recommends HTML escaping for user content, the provided implementation scripts do not include any sanitization logic, leaving the generation process vulnerable to tag injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:15 PM