Offer Letter Generator
Pass
Audited by Gen Agent Trust Hub on Jun 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions and associated tools are consistent with the stated purpose of generating HR documents. No evidence of malicious behavior, data exfiltration, or persistence was found.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it incorporates untrusted candidate data into generated documents.
  - Ingestion points: Candidate data fields in SKILL.md, including Candidate Name, Job Title, and Compensation.
  - Boundary markers: The templates use bracketed placeholders such as [Candidate Name] to separate input from the fixed text.
  - Capability inventory: All capabilities are limited to document processing via the office-mcp server tools: create_docx, fill_docx_template, and docx_to_pdf.
  - Sanitization: The skill lacks explicit sanitization or validation logic for the user-provided input fields.