quarto
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes
subprocess.runto interact with external tools likebigquery,quarto, andlancer. These operations are fundamental to its stated purpose of data extraction and document rendering. - [EXTERNAL_DOWNLOADS]: Instructions are provided for installing well-known software packages and extensions (e.g.,
tinytex,chromium,jupyter-cache,great-tables) from official registries and trusted sources like the Quarto organization and GitHub. - [INDIRECT_PROMPT_INJECTION]: The skill defines a surface for processing untrusted data from external sources (BigQuery, CSV, JSON, APIs) which is then rendered into markdown and other formats. While this presents an inherent injection risk common to data reporting tools, no malicious exploitation patterns were detected.
- Ingestion points: External data is fetched via
pd.read_json,pd.read_csv, and CLI tool outputs (SKILL.md). - Boundary markers: The instructions do not explicitly mandate delimiters or escaping for ingested data before interpolation into the final document.
- Capability inventory: The skill uses
subprocess.run, file writing via Quarto render, and shell execution (SKILL.md). - Sanitization: Standard Python libraries are used, but no specific sanitization of the content of ingested data for prompt injection protection is described.
Audit Metadata