casely

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the uv package manager to install the docling and openpyxl libraries. docling is a document parsing utility developed by IBM, and openpyxl is a standard industry library for Excel file manipulation. These dependencies are legitimate and come from well-known sources.
  • [COMMAND_EXECUTION]: The skill workflow involves executing Python scripts provided within the skill's own directory (scripts/casely_parser.py, scripts/export_to_xlsx.py) and using the uv CLI for environment management. These commands are used to process local document assets and are intended for the primary function of the skill.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its document parsing workflow.
      • Ingestion points: Untrusted data enters the agent context via scripts/casely_parser.py, which reads requirements and examples from PDF, DOCX, XLSX, and other formats located in the projects/ directory.
      • Boundary markers: The skill lacks explicit markers or instructions to the agent to disregard embedded directives within the parsed markdown content.
      • Capability inventory: The skill has the ability to execute shell commands (uv run), read and write to the filesystem, and process various data formats.
      • Sanitization: There is no evidence of sanitization or filtering applied to the document content before it is provided to the LLM for test case generation, which could allow malicious instructions embedded in a document to influence agent behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 08:41 PM