agency-report-pdf
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script located at `~/.claude/skills/agency/scripts/generate_agency_pdf.py` to process data and render a PDF. This is the primary intended functionality for the report generation pipeline.
- [EXTERNAL_DOWNLOADS]: The skill suggests installing the `reportlab` package via `pip3` if it is not already present on the system. `reportlab` is a well-known and standard library used for PDF creation in Python.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests data from external markdown files (e.g., `AGENCY-ONBOARD-*.md`, `MARKETING-AUDIT*.md`) to build a JSON payload.
  - Ingestion points: Reads markdown audit files from the current working directory.
  - Boundary markers: None explicitly defined for the file content.
  - Capability inventory: Includes shell execution (`python3`, `pip3`) and file writing (`agency_data.json`).
  - Sanitization: The skill instructions mandate selective field extraction (e.g., scores, specific headings) and proper JSON string escaping, which reduces the risk of the agent interpreting data as instructions.
Audit Metadata