report-generator
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its data processing workflow.
- Ingestion points: External data is ingested via
pd.read_csv()as shown inSKILL.md. - Boundary markers: There are no explicit markers or instructions to isolate the data content from the agent's core instructions.
- Capability inventory: The skill has the ability to write to the file system (
report.html) and execute shell commands. - Sanitization: No sanitization or escaping is applied to the data values before they are rendered into the Jinja2 template.
- [COMMAND_EXECUTION]: The skill instructions suggest using system command execution for report generation.
- Evidence: The documentation recommends using
google-chrome --headless --print-to-pdf=report.pdf report.htmlto convert the generated report into a PDF.
Audit Metadata