research-report
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates a file named `generate_report.py` and executes it using the `python` command. This dynamic script creation and execution allows the agent to run arbitrary code locally.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of research results stored in JSON files. Evidence Chain:
  1. Ingestion points: The skill reads multiple JSON result files from a research output directory.
  2. Boundary markers: No explicit boundary markers or 'ignore' instructions are used when interpolating data into the generated script or report.
  3. Capability inventory: The skill has the capability to write files, generate Python code, and execute shell commands.
  4. Sanitization: The script requirements specify skipping values containing '[uncertain]', but there is no general-purpose sanitization or escaping to prevent malicious data from manipulating the generated script's logic or the report's content.
Audit Metadata