report-generation
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its data processing and rendering workflow.
- Ingestion points: The skill ingests data in JSON, CSV, YAML, and API response formats as described in Workflow Step 1 of SKILL.md.
- Boundary markers: The instructions do not define boundary markers or explicit warnings for the agent to ignore embedded instructions within the source data.
- Capability inventory: The skill uses powerful rendering tools like Puppeteer or WeasyPrint (Workflow Step 5) to generate HTML and PDF files, which can execute embedded JavaScript or CSS if the source content is malicious.
- Sanitization: There is no mention of sanitizing, escaping, or validating the input data before it is interpolated into templates or rendered to final outputs, allowing potentially harmful instructions to reach the rendering engine.
- [DATA_EXFILTRATION]: The skill's usage pattern facilitates potential unauthorized data exposure.
- Evidence: The prompt format in the "Usage" section of SKILL.md encourages the user to provide a "path to JSON/CSV file". Without strict validation or sandboxing of these paths, an attacker could supply sensitive system file paths (e.g., environment files or credentials) to be read and included in the generated report.