python-document-generation
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, such as hardcoded credentials, obfuscated commands, or unauthorized data exfiltration, were detected across the skill's instructions and reference files. All code snippets follow professional engineering standards and focus on the stated goal of document generation.
- [PROMPT_INJECTION]: The skill processes untrusted data from external sources (tenant metadata, database records) to generate document artifacts, creating an indirect prompt injection surface.
  - Ingestion points: Report data loaded from DataFrames or SQL queries, and tenant-provided metadata such as names, logos, and taglines used for branding.
  - Boundary markers: The skill does not define unique boundary markers for untrusted data, relying on standard agent context separation.
  - Capability inventory: Includes extensive file system writes (Excel, Word, PDF generation) and network operations (S3 pre-signed URL generation and object storage interaction).
  - Sanitization: Employs defensive measures such as filename sanitization using regex and the python-slugify library, and utilizes Jinja2 with select_autoescape for HTML-to-PDF pipelines.