template-engine
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions to execute package installation and script execution for document generation.
- Evidence: Instructions include `pip install docxtpl openpyxl`, `pip install weasyprint`, and several Python scripts for file processing.
- Context: These are standard operations for the stated purpose of a template engine and use well-known, legitimate libraries.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data (CSV, JSON, Spreadsheets) and injects it directly into templates (Jinja2, docxtpl).
- Ingestion points: `SKILL.md` (e.g., `open(csv_path)`, `json.load(f)`, `csv.DictReader(f)`).
- Boundary markers: None present in the code snippets to separate data from instructions.
- Capability inventory: File system write access (`doc.save()`, `out.write()`, `write_pdf()`).
- Sanitization: The guidelines mention sanitizing user-provided data, but the provided code examples do not implement specific sanitization or escaping logic before rendering.
- Risk: If a CSV or JSON file contains malicious instructions (e.g., markdown injection or HTML-based prompt injection), the generated documents could influence the behavior of the agent reading them or lead to cross-site scripting (XSS) if the HTML output is rendered in a browser.