report-print-pdf

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill takes a logo_path variable and interpolates it directly into the src attribute of an <img> element. When the HTML is rendered with mPDF, the library itself resolves image sources, so an unvalidated path can make the server read a local file (LFI) or request an attacker-chosen URL (SSRF). Separately, the JavaScript openReportPrint helper calls fetch on an arbitrary URL with credentials: "include", which attaches the user's cookies for whatever origin that URL names; if the URL can be manipulated, the helper issues authenticated requests on the user's behalf and can leak session material.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its report generation workflow (Category 8).
      • Ingestion points: external data enters through the $meta array and the $tableHtml and $summaryHtml parameters of the ReportHtmlTemplate class.
      • Boundary markers: nothing marks where untrusted data ends and template structure begins, neither for the agent that assembles the report nor for the rendering engine, so instructions embedded in report content are indistinguishable from the template's own.
      • Capability inventory: the generated code can read the file system (to load logos) and renders dynamic HTML in both the PHP/mPDF context and the browser.
      • Sanitization: some metadata fields go through htmlspecialchars, but the primary content blocks ($tableHtml and $summaryHtml) are interpolated into the output unescaped, so whoever controls them can inject arbitrary HTML, including script.
  • [COMMAND_EXECUTION]: The provided JavaScript helper renders the fetched HTML with document.write(html). Any <script> element, inline event handler or javascript: URL in that HTML executes with the origin and session of the page that called the helper, i.e. it is an XSS sink for whatever the fetched source returns.
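The server-side fixes for the logo_path finding and for the raw $tableHtml / $summaryHtml interpolation, written out as an added example that is not the skill's own code. The skill's template is PHP; this version is Node.js so it runs stand-alone, and the PHP equivalents are realpath() for the directory check and htmlspecialchars() for the escaping. LOGO_DIR, the function names and the accepted image types are assumptions. The logo is resolved against an allowlisted directory, rejected if it carries a URL scheme or escapes the directory (including via symlink), and embedded as a data: URI, which both browsers and mPDF accept, so the renderer never resolves a path or URL of its own. Table and summary content is accepted as plain text and escaped cell by cell instead of as pre-built HTML.

```javascript
// Hardened stand-in for the ReportHtmlTemplate pattern described above (added example,
// not the skill's code). Node.js standard library only; LOGO_DIR and the function names
// are assumptions.
const fs = require("fs");
const path = require("path");

// Assumed allowlisted directory for logos; in the PHP template this is where realpath()
// results must land. Nothing outside it is ever read.
const LOGO_DIR = path.resolve(process.cwd(), "assets", "logos");
const LOGO_MIME = { ".png": "image/png", ".jpg": "image/jpeg", ".jpeg": "image/jpeg" };

// Same escaping as PHP htmlspecialchars($s, ENT_QUOTES).
function escapeHtml(value) {
  return String(value ?? "")
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#039;");
}

// Resolve logo_path to a real file inside logoDir, or null. Rejects anything with a URL
// scheme (so mPDF is never handed http:, file: or phar: sources), absolute paths, NUL bytes,
// and, via realpath, traversal and symlinks that escape the directory. The extension is
// checked on the resolved target so a symlink cannot smuggle a non-image through.
function resolveLogoPath(logoPath, logoDir = LOGO_DIR) {
  if (typeof logoPath !== "string" || logoPath === "" || logoPath.includes("\0")) return null;
  if (/^[a-z][a-z0-9+.-]*:/i.test(logoPath) || path.isAbsolute(logoPath)) return null;
  let realDir, real;
  try {
    realDir = fs.realpathSync(logoDir);
    real = fs.realpathSync(path.join(logoDir, logoPath)); // follows symlinks; must exist
  } catch {
    return null;
  }
  if (!real.startsWith(realDir + path.sep)) return null;
  const ext = path.extname(real).toLowerCase();
  return Object.prototype.hasOwnProperty.call(LOGO_MIME, ext) ? real : null;
}

// Embed the logo as a data: URI so the renderer (browser or mPDF) never resolves a path
// or URL of its own at render time.
function logoDataUri(logoPath, logoDir = LOGO_DIR) {
  const real = resolveLogoPath(logoPath, logoDir);
  if (real === null) return null;
  const mime = LOGO_MIME[path.extname(real).toLowerCase()];
  return `data:${mime};base64,${fs.readFileSync(real).toString("base64")}`;
}

// Build the report. The $meta-style fields are escaped, and the table and summary are
// taken as plain text (rows of cells, lines of text) and escaped cell by cell, instead of
// accepting pre-built $tableHtml / $summaryHtml strings verbatim.
function renderReport(meta, rows, summaryLines, logoDir = LOGO_DIR) {
  const logo = logoDataUri(meta.logo_path, logoDir);
  const header = logo ? `<img src="${logo}" alt="logo">` : "";
  const table = rows
    .map((cells) => `<tr>${cells.map((c) => `<td>${escapeHtml(c)}</td>`).join("")}</tr>`)
    .join("\n");
  const summary = summaryLines.map((line) => `<p>${escapeHtml(line)}</p>`).join("\n");
  return [
    "<!doctype html>",
    `<html><head><meta charset="utf-8"><title>${escapeHtml(meta.title)}</title></head>`,
    `<body>${header}<h1>${escapeHtml(meta.title)}</h1>`,
    `<table>${table}</table>`,
    summary,
    "</body></html>",
  ].join("\n");
}
```

Taking rows and lines rather than HTML strings is the design choice that matters most: it removes the raw interpolation sink entirely rather than trying to filter HTML after the fact. If the caller genuinely needs rich content in the summary, the right tool is an HTML sanitizer with an element allowlist, not a regex.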
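The browser-side fixes for the two openReportPrint findings (the credentialed fetch to an arbitrary URL, and document.write of the response), as an added example that is not the skill's own helper. REPORT_PATH_PREFIX and the function names are assumptions. The URL is accepted only if it resolves to the page's own origin and to the fixed report path after normalisation, the fetch uses credentials: "same-origin" rather than "include", and the response is hosted in a sandboxed iframe with no allow-scripts token instead of being written into the calling document. The URL check and frame builder are plain functions so they can be exercised outside a browser; the window is passed in as a parameter.

```javascript
// Hardened stand-in for the openReportPrint helper flagged above (added example, not the
// skill's code). REPORT_PATH_PREFIX and the function names are assumptions. The URL check is
// plain JavaScript and runs anywhere; the DOM parts take the window as a parameter.
const REPORT_PATH_PREFIX = "/reports/";

// A report URL is acceptable only if it resolves to the page's own origin (so the cookies
// sent with the request can never reach another host) and to the fixed report path after
// URL normalisation (so "/reports/../admin" is not acceptable either).
function isAllowedReportUrl(candidate, pageOrigin) {
  let url;
  try {
    url = new URL(candidate, pageOrigin);
  } catch {
    return false;
  }
  if (url.origin !== pageOrigin) return false; // catches //host, user@host, javascript:, ports
  if (url.username || url.password) return false;
  return url.pathname.startsWith(REPORT_PATH_PREFIX);
}

// Host the fetched HTML in a sandboxed iframe instead of document.write(). With no
// allow-scripts token, <script> elements, on* handlers and javascript: URLs in the report
// HTML are inert. allow-same-origin and allow-modals are granted only so the parent page can
// call print() on the frame; without allow-scripts the frame has no code that could use them.
function buildReportFrame(doc, html) {
  const frame = doc.createElement("iframe");
  frame.setAttribute("sandbox", "allow-same-origin allow-modals");
  frame.setAttribute("srcdoc", html);
  return frame;
}

async function openReportPrint(reportUrl, win = globalThis.window) {
  const pageOrigin = win.location.origin;
  if (!isAllowedReportUrl(reportUrl, pageOrigin)) {
    throw new Error(`refusing to load report from ${reportUrl}`);
  }
  // "same-origin" rather than "include": even if the check above is ever weakened, the
  // browser itself will not attach cookies to a cross-origin request.
  const resp = await win.fetch(reportUrl, {
    credentials: "same-origin",
    headers: { Accept: "text/html" },
  });
  if (!resp.ok) throw new Error(`report fetch failed with HTTP ${resp.status}`);
  const frame = buildReportFrame(win.document, await resp.text());
  frame.addEventListener("load", () => frame.contentWindow.print());
  win.document.body.appendChild(frame);
  return frame;
}
```

Usage in the page is `openReportPrint("/reports/42/print")`. The two layers are deliberate: the allowlist stops the helper from being pointed anywhere else, and the sandbox means that even a report produced by the unescaped $tableHtml path cannot run script in the user's session when it is printed.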
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 29, 2026, 12:15 PM