inputs
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It reads content from user-specified text and markdown files and incorporates that data into the inputs.json file without sanitization. If the downstream pipeline processes this data using an LLM, malicious instructions within the user files could influence the agent's behavior.
  - Ingestion points: Step E reads raw content from user-provided .txt and .md files.
  - Boundary markers: The skill does not implement delimiters or instructions to ignore embedded prompts when interpolating file content.
  - Capability inventory: The skill possesses the ability to execute CLI commands (mthds-agent pipelex) and run dynamically generated Python scripts.
  - Sanitization: No escaping or validation is performed on the ingested text.
- [COMMAND_EXECUTION]: The skill generates and executes Python code at runtime to create synthetic PDF, DOCX, and XLSX files. It utilizes libraries like reportlab for PDF generation and may suggest or utilize python-docx and openpyxl. Furthermore, it executes mthds-agent pipelex commands for schema extraction and pipeline runs.
- [EXTERNAL_DOWNLOADS]: The skill references a public PDF from w3.org as a fallback and describes the installation of standard Python packages (python-docx, openpyxl) from the official PyPI registry. These interactions involve well-known and trusted technology services and organizations.
- [DATA_EXFILTRATION]: The skill has the capability to list directories and copy files from the local file system into a project directory based on user-provided paths. While necessary for its data integration purpose, this represents a potential risk of sensitive data exposure if used to target protected system files.
Audit Metadata