invoice-generator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation includes instructions to run npm install, which fetches dependencies from the well-known npm registry.
- [COMMAND_EXECUTION]: The skill relies on a shell script generate.sh and system binaries such as node, jq, and weasyprint to process JSON data and generate output files.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface due to its handling of external JSON data.
  - Ingestion points: Data enters the agent context via stdin, local file paths, or as pre-saved configuration files in the $INVOICE_DIR/configs/ directory.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are mentioned to protect against instruction injection within the JSON fields.
  - Capability inventory: The skill has the capability to execute shell scripts, perform filesystem operations, and run powerful command-line tools like jq and weasyprint.
  - Sanitization: The documentation does not specify any sanitization or validation logic used to prevent malicious input from affecting the behavior of the execution environment or subprocesses.
Audit Metadata