invoice
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves standard Python libraries (weasyprint, pyyaml, jinja2) from the official Python Package Index (PyPI) using the uv tool at runtime.
- [COMMAND_EXECUTION]: The agent executes a bundled Python script (generate-invoice.py) to transform YAML configuration data into a PDF invoice.
- [SAFE]: The skill processes client YAML files and user input to generate documents. Ingestion points: clients directory and command-line arguments. Boundary markers: none. Capability inventory: file system read/write for configuration and PDF output. Sanitization: safe YAML loading and slugification of filenames. No malicious behavior or exfiltration was detected.
Audit Metadata