report-writer

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git to retrieve commit logs and file diffs, and utilizes OS-specific commands (open, xdg-open, start) to launch the generated HTML report in the browser.
  • [EXTERNAL_DOWNLOADS]: Fetches CSS, font, and icon resources from reputable CDNs including Tailwind CSS, jsDelivr, and Google Fonts.
  • [PROMPT_INJECTION]: The skill ingests data from local git history to populate the report, which constitutes an indirect prompt injection surface.
    • Ingestion points: Git command outputs (git diff, git log) collected in SKILL.md.
    • Boundary markers: None explicitly specified for the HTML token replacement.
    • Capability inventory: File system write access and browser invocation via shell commands.
    • Sanitization: No explicit sanitization or escaping instructions are provided for the gathered data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 02:46 PM