Weekly Report Generator
Pass
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: LOW NO_CODE PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted user data for report formatting without clear boundaries.
  * Ingestion points: User-provided business metrics and status updates referenced in SKILL.md.
  * Boundary markers: Absent; untrusted input is directly interpolated into report templates.
  * Capability inventory: None. There are no python/node scripts or command-line tools.
  * Sanitization: None.
  * Severity: LOW because the skill only influences display output and lacks any write, execute, or network capabilities.
Audit Metadata