create-quarto-report

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute quarto render and quarto preview for document generation and previewing. This behavior is necessary for the skill's primary function of creating reports.
  • [EXTERNAL_DOWNLOADS]: The instructions recommend installing the Quarto CLI from its official domain (quarto.org) and using the internal quarto install command for TinyTeX. These are trusted, well-known sources for this technology.
  • [PROMPT_INJECTION]: The skill defines a workflow that ingests untrusted data (report topic, audience) and external data (data.csv) and interpolates it into a Quarto document which is subsequently rendered. This creates an indirect prompt injection surface where malicious instructions in the data could be processed by the agent or executed during rendering. Ingestion points: report.qmd (Step 1), data.csv (Step 2). Boundary markers: None. Capability inventory: Bash (Step 5), Write (Step 1). Sanitization: None.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 07:13 AM