pro-report-builder
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches typography assets from the Fontshare CDN (api.fontshare.com) to provide professional fonts. This is a common and safe practice for web-based document generation.\n- [COMMAND_EXECUTION]: Provides documentation for a command-line PDF export process using Google Chrome's headless mode, which is a standard utility for the skill's primary function.\n- [PROMPT_INJECTION]: The skill is designed to ingest external data for report generation, creating a surface for indirect prompt injection. However, this is inherent to its intended purpose as a reporting tool and is handled safely by following the provided templates.\n
- Ingestion points: User-provided metrics and data exports (SKILL.md).\n
- Boundary markers: Not explicitly required in instructions.\n
- Capability inventory: HTML file creation and shell command documentation.\n
- Sanitization: No specific sanitization requirements are mandated for the static templates.
Audit Metadata