weekly-report-generator
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from external sources that could contain malicious instructions.
  - Ingestion points: Git commit messages via get_git_logs.py and user-provided Word/Markdown templates via the --template parameter.
  - Boundary markers: Absent. There are no explicit delimiters or instructions to isolate commit messages from the agent's core prompt.
  - Capability inventory: File system access and execution of local Python scripts via subprocess.
  - Sanitization: Absent. The 'content cleaning' mentioned is a linguistic transformation for business terminology, not a security-focused sanitization process.
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill depends on a suite of Python scripts in a scripts/ directory (e.g., orchestrate_reports.py, get_git_logs.py, fill_template.py) that were not included in the provided 12 files, preventing verification of their internal logic.
- Command Execution (SAFE): The skill utilizes structured command-line calls to internal scripts to manage its workflow. No evidence of shell injection or malicious arbitrary command execution was found in the prompt instructions.
Audit Metadata