Invoice Generator
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a template-based document generator, creating Markdown and HTML invoices from user input.
- [SAFE]: External references are limited to informational links and documentation on the vendor's website (afrexai-cto.github.io) and do not involve remote code execution or suspicious downloads.
- [SAFE]: File operations are restricted to saving generated invoices in a local 'invoices/' directory for organization and record-keeping, which is consistent with its stated purpose.
- [SAFE]: No obfuscation, prompt injection attempts, or unauthorized data exfiltration patterns were detected in the skill instructions or metadata.
- [SAFE]: Indirect prompt injection surface evaluation:
- Ingestion points: User-provided client info and line item descriptions processed in SKILL.md for invoice generation.
- Boundary markers: None explicitly defined to delimit untrusted data.
- Capability inventory: File-write access to a local 'invoices/' directory.
- Sanitization: No explicit sanitization of input data before document generation, but the risk is low due to limited tool capabilities.
Audit Metadata