software-copyright-writer
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell execution via subprocess calls to coordinate tasks between Python components and Node.js scripts. This is part of the internal orchestration and does not expose arbitrary command injection to users.
- [EXTERNAL_DOWNLOADS]: Users are directed to install standard, well-known dependencies such as Playwright and python-docx from official package registries to support browser automation and document formatting.
- [DATA_EXFILTRATION]: The skill aggregates information from user-provided URLs and local directories. While this data is used to generate local documentation, the capability to access arbitrary network resources via Playwright is a significant functional surface.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted content from external code repositories and websites to generate software descriptions. Evidence: 1. Ingestion points: Web content scraped via Playwright and local source files. 2. Boundary markers: The skill instructions define specific formal language requirements to distinguish copyright material from internal analysis. 3. Capability inventory: Includes shell command execution, browser automation, and file system access. 4. Sanitization: Input content is serialized but not sanitized for embedded instructions.
Audit Metadata