ta-research-AFP
Warn
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes an embedded Python script via a Bash heredoc (`python3 - << 'PYEOF'`) in Checkpoint 12. This script consolidates various project files into a final Word or Markdown document. It performs local file system operations, including reading files and writing the assembled draft. While the script performs sanitization on the output filename derived from project metadata, executing generated code remains a medium-risk pattern.
- [EXTERNAL_DOWNLOADS]: The skill recommends that the user install the `python-docx` and `pypandoc` libraries via `pip` to enable document conversion features. These are well-known packages, but the manual installation recommendation is documented for visibility.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes external content from search results and user-provided interview materials.
  - Ingestion points: Project configuration (`CLAUDE.md`), interview data (Checkpoint 3), and external search results (Checkpoint 1).
  - Boundary markers: Absent; there are no instructions to distinguish between the skill's logic and potentially malicious content in the processed data.
  - Capability inventory: The skill can execute scripts and write to the local file system (Checkpoint 12).
  - Sanitization: No validation or sanitization of the external data is performed before it is used in the workflow.