ai-analyzer
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script
scripts/generate_ai_report.pyduring Step 8 to generate interactive HTML reports. Executing local scripts can lead to arbitrary command execution if the script logic is compromised or if inputs are not properly sanitized. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests untrusted data from multiple sources and lacks explicit boundary markers or sanitization logic.
- Ingestion points: Reads health data from
data/profile.json,data/index.json,data/medications.json,data/allergies.json, and tracker files indata-example/(fitness, sleep, nutrition, and mental health trackers). - Boundary markers: None identified. There are no instructions to the agent to ignore potential commands embedded within the JSON health records.
- Capability inventory: The skill has
ReadandWritepermissions and can execute thescripts/generate_ai_report.pysubprocess. - Sanitization: No evidence of data validation, escaping, or filtering of the external JSON content before it is processed by the AI or the report generation script.
- [DATA_EXPOSURE]: The skill is designed to read highly sensitive files, including
data/medications.json(medication history),data/allergies.json(allergy records), anddata/profile.json(personal identity and biometric data). While this is the primary purpose of the skill, the access to these paths represents a significant data exposure risk if the agent's behavior is influenced by malicious instructions.
Audit Metadata