ads-report-pdf
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to search for existing analysis files (`ls ADS-*.md`) and run the PDF generation logic (`python3 ~/.claude/skills/ads/scripts/generate_ads_pdf.py`). It also checks for the existence of specific scripts in the user's home directory.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the `reportlab` library from the Python Package Index (PyPI) to support the PDF generation functionality. This is a well-known service for Python dependencies.
- [PROMPT_INJECTION]: The skill processes content from multiple local Markdown files (`ADS-*.md`) to extract data for the report. This presents a surface for indirect prompt injection.
  - Ingestion points: Reads `ADS-*.md` files from the current working directory.
  - Boundary markers: None provided to isolate untrusted file content from instructions.
  - Capability inventory: Subprocess execution via shell commands (`ls`, `python3`) and script generation.
  - Sanitization: No validation or sanitization is performed on the extracted data before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill instructs the agent to dynamically generate a Python script at runtime if the primary generation file is not found, which is then executed to render the PDF document.
Audit Metadata