univer-worklog-report
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns such as prompt injection, data exfiltration, or unauthorized command execution were detected. The skill correctly limits its behavior to generating personal work reports.
- [PROMPT_INJECTION]: The skill ingests untrusted data from personal logs and work items to generate HTML reports. This is an indirect prompt injection surface; however, there are no instructions present to bypass safety filters or execute malicious actions. Evidence: Data is ingested from 'personal log', 'People', and 'WorkItems' without specified sanitization or boundary markers in this file, but no exploitable capabilities are exposed.
Audit Metadata