Skills
skills/microsoft/hve-core/customer-card-render/Gen Agent Trust Hub

customer-card-render

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • External Software Installation: The skill suggests installing the uv package manager using an official installation script from Astral. This is a common setup step for Python development environments.
  • Data Ingestion Surface: The core logic in scripts/generate_cards.py processes markdown files provided by the user. If these files originate from untrusted sources, they could contain content designed to influence the behavior of the agent when it later processes the generated outputs.
  • Script Execution: The skill's primary operation involves running a Python script to process data and a PowerShell script to build the final PowerPoint file. This is consistent with its purpose as a rendering pipeline.
  • Dynamic Loading in Test Harness: The provided test files use Python's importlib to load the application code. This allows the tests to verify the script's logic in an isolated manner.
Audit Metadata
Risk Level
SAFE
Analyzed
May 1, 2026, 11:58 AM