expropriation-timeline-expert
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Dynamic Execution (MEDIUM): The script modifies sys.path to include a Shared_Utils directory located multiple levels above the skill file (up to parents[4]). This allows the skill to load external code from a path outside the skill's own distribution package, which could lead to arbitrary code execution if an attacker can control files in the parent directory structure.
- Indirect Prompt Injection (LOW): The skill processes user-controlled JSON data and reflects fields like project_name and task_name directly into generated Markdown reports. This creates an injection surface where malicious instructions in the input data could influence subsequent agent actions when the report is processed.
- Ingestion points: project_timeline_calculator.py (via load_input_data) reads the input JSON file containing user-controllable strings.
- Boundary markers: Absent; no escaping or delimiters are used for reflected strings in the report output.
- Capability inventory: Local file system write access to the Reports/ directory.
- Sanitization: Validation logic in validators.py ensures data types but does not sanitize string content for markdown or prompt injection patterns.
Audit Metadata