dpia-generator
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local build script located at 'scripts/build-doc.sh' to convert findings into Word documents. This script execution is performed within the project context and is required for the documented document generation process.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting data from project-level context files.
- Ingestion points: Data is read from '_context/vision.md', '_context/features.md', '_context/personas.md', '_context/gap-analysis.md', and 'domains/uganda/references/dppa-pii-classification.md'.
- Boundary markers: Absent. No specific instructions are provided to the agent to treat content within these files as data only or to ignore embedded instructions.
- Capability inventory: The skill has the capability to execute shell commands via 'bash scripts/build-doc.sh'.
- Sanitization: Absent. Inputs from external files are interpolated into the DPIA report template without validation or escaping.
Audit Metadata