PDF Generator
Pass
Audited by Gen Agent Trust Hub on Jun 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected. The skill functions purely as a documentation resource providing reference code for PDF generation.
- [PROMPT_INJECTION]: The skill contains Python code snippets (found in `templates.md` and `advanced.md`) that use f-strings and string interpolation to build HTML templates. This identifies a surface for indirect prompt injection if an agent uses these patterns to process untrusted external data.
  - Ingestion points: Functions such as `generate_invoice`, `generate_resume`, and `batch_generate` accept data objects that are directly interpolated into HTML structures.
  - Boundary markers: No specific delimiters or instructions are provided in the documentation to warn the agent about untrusted data input.
  - Capability inventory: The snippets use standard file-writing capabilities (`weasyprint.write_pdf`, `pypdf.PdfWriter.write`) necessary for PDF creation.
  - Sanitization: The provided examples do not include HTML escaping or sanitization of the interpolated data variables.
Audit Metadata