invoice-generator
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted user data and interpolates it into the generated PDF content without sufficient safety measures.
  - Ingestion points: User-provided invoice details (sender/recipient info, line item descriptions, notes) entering the agent context as described in Step 1 of SKILL.md.
  - Boundary markers: Absent. The instructions do not define delimiters or warnings to ignore instructions embedded within the user data.
  - Capability inventory: Python execution for calculating totals and generating PDF files using the 'reportlab' library.
  - Sanitization: Absent. The provided Python code in Step 3 passes user-controlled strings (e.g., 'description', 'notes') directly into 'Paragraph' objects without escaping or validation.