skills/adobe/skills/cja-kpi-pulse/Gen Agent Trust Hub

cja-kpi-pulse

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses bash commands to write the generated HTML report to the /tmp directory and uses the open command to display the file to the user. This is a functional requirement for its reporting capabilities.\n- [INDIRECT_PROMPT_INJECTION]: The skill creates a surface for indirect injection by processing metric and dimension data from external sources and interpolating them into an HTML template.\n
  • Ingestion points: Data retrieved from runReport, findMetrics, and listComponentUsage.\n
  • Boundary markers: None explicitly defined for the HTML generation phase.\n
  • Capability inventory: The skill can write files to /tmp and execute the open command.\n
  • Sanitization: The skill provides logic for number and currency formatting, although it does not explicitly specify escaping for text-based dimension values during HTML assembly.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 11:50 PM
Security Audit — agent-trust-hub — cja-kpi-pulse