account-handoff-builder
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (`scripts/run.py`) to automate the generation of handoff documents and perform security scans on local files.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted external data which is then interpolated into Markdown reports without sanitization or boundary markers.
  - Ingestion points: The `scripts/run.py` script reads user-specified files or directories provided via the `--input` argument, which typically contain sales and customer background information.
  - Boundary markers: Absent; the report generation logic in `make_structured_report` and other report functions does not use delimiters or instructions to ignore embedded commands within the processed data.
  - Capability inventory: The skill possesses the capability to read any local file accessible to the agent and write output to specified paths via the Python script.
  - Sanitization: Absent; input data is processed as raw text and inserted directly into Markdown output templates without escaping or validation.
Audit Metadata