generate-analytics-reports
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides CLI command templates using variables such as AGENT_ID. This creates a potential surface for command injection if the agent executes these shells without sanitizing user-provided inputs.
- [EXTERNAL_DOWNLOADS]: The skill requires the olakai CLI tool, which is a legitimate first-party dependency from the vendor.
- [PROMPT_INJECTION]: The skill processes activity data containing potentially untrusted content. Evidence chain: 1. Ingestion points: activity list JSON output. 2. Boundary markers: None. 3. Capability inventory: subprocess execution of CLI tools. 4. Sanitization: Partial, via jq field extraction.
- [SAFE]: No malicious obfuscation, hardcoded credentials, or unauthorized network exfiltration were detected.
Audit Metadata