process-faq

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external sources (Excel, Word, PDF, and Text files) and uses the extracted content to inform the generation of executable Python code.
      • Ingestion points: User-provided FAQ documents are read and converted to Markdown using scripts/convert_to_markdown.py.
      • Boundary markers: Absent. The skill does not implement delimiters or explicit instructions to the agent to ignore instructions embedded within the processed content.
      • Capability inventory: The skill enables the Bash and Write tools, allowing the agent to create and execute local Python scripts (SKILL.md).
      • Sanitization: Absent. No validation or filtering is applied to the extracted text before it is used to populate the code generation template in Step 4.
  • [COMMAND_EXECUTION]: The skill relies on the Bash tool to execute Python scripts for document processing and formatting. It also requires the agent to dynamically generate and run a temporary script (create_faq.py) to save optimized data to Excel.
  • [EXTERNAL_DOWNLOADS]: The requirements.txt file specifies several third-party Python libraries (pandas, openpyxl, python-docx, PyPDF2, jieba) that are downloaded from public package registries during installation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 01:17 PM