sap-content-generator
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: An indirect prompt injection surface exists as the skill processes external data (e.g., protocol_entities.json) and interpolates it directly into LLM prompts without explicit sanitization or strict boundary markers.
- Ingestion points: scripts/generate_by_chapter.py (loading template structure) and all prompt templates in the prompts/ directory.
- Boundary markers: Absent; the prompts use simple variable interpolation (e.g., {endpoints}, {study_design}) which does not distinguish between system instructions and potentially adversarial data content.
- Capability inventory: The skill is capable of reading and writing local files (Markdown sections and JSON reports) using the provided Python scripts.
- Sanitization: scripts/generate_by_chapter.py contains basic regex-based filename sanitization (_sanitize_id), but there is no validation or escaping of the actual content processed by the LLM.
Audit Metadata