sap-template-parser
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [DYNAMIC_EXECUTION]: The script `scripts/parse_template.py` performs dynamic path manipulation by inserting a directory five levels above the script's location into `sys.path`. While often used for local module resolution in specific repository structures, dynamic path modification is a technique that can be used to load modules from computed or untrusted locations.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external SAP template documents provided via a user-defined path. This content is used to determine `content_type` classifications which, according to the documentation, drive downstream generation prompts.
  - Ingestion points: The `template_path` argument in `scripts/parse_template.py` allows loading arbitrary documents into the agent's context.
  - Boundary markers: The script does not implement delimiters or 'ignore' instructions for the text extracted from the templates.
  - Capability inventory: The script performs file system operations (read/write) using `pathlib`.
  - Sanitization: There is no sanitization or escaping of the titles or section IDs extracted from the document before they are written to `template_structure.json`.
- [COMMAND_EXECUTION]: The script `scripts/parse_template.py` uses `sys.argv` to take input and output paths, which is standard CLI behavior but requires that the caller validates these paths to prevent directory traversal or unauthorized file access.
Audit Metadata