ai-analyzer
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from several local JSON files which could be influenced by external sources.
  - Ingestion points: Health data is read from various files including 'data/profile.json', 'data/index.json', and multiple trackers in 'data-example/'.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard embedded commands within these data sources.
  - Capability inventory: The skill utilizes 'Read', 'Write', 'Grep', and 'Glob' tools and invokes a Python script ('scripts/generate_ai_report.py').
  - Sanitization: The skill description does not specify any validation or filtering mechanisms to sanitize the content of the data files before processing.
- [COMMAND_EXECUTION]: The skill initiates the execution of a local Python script ('scripts/generate_ai_report.py') to generate interactive HTML reports. This execution capability, combined with the ingestion of untrusted data, represents a functional but notable attack surface.
Audit Metadata