business-document-generator
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE; PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted user data to fill PDF templates, creating a surface for content manipulation in the generated output.
  - Ingestion points: User data provided during the document generation workflow in SKILL.md.
  - Boundary markers: Absent; instructions do not specify sanitization of user data or the use of clear delimiters.
  - Capability inventory: scripts/generate_document.py performs file reads (json) and writes (pdf).
  - Sanitization: Absent in the Python script; user strings are directly rendered onto the PDF canvas.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill installs standard, well-known packages (pypdf, reportlab) via pip. No remote script execution was detected.
- Command Execution (SAFE): The skill executes a bundled Python script for its primary function. While it accepts CLI arguments that could theoretically be manipulated for path traversal, the agent is responsible for creating the data files and managing the output paths.
Audit Metadata