realestate-report-pdf

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the 'reportlab' package using pip. This is a well-known and standard library for PDF generation, sourced from official package registries.
  • [COMMAND_EXECUTION]: Shell commands are used to identify and manage property analysis files (e.g., ls -t PROPERTY-*.md). These operations are restricted to the local working directory and facilitate the reporting workflow.
  • [REMOTE_CODE_EXECUTION]: The agent is instructed to execute a local Python script (generate_realestate_pdf.py) or generate and run Python code inline if the script is missing. This dynamic script generation is used to map local property data into the PDF layout and is standard for this type of automation.
  • [PROMPT_INJECTION]: The skill processes untrusted data from local analysis files (PROPERTY-*.md), which presents a surface for indirect prompt injection.
      • Ingestion points: Multiple Markdown files containing property data.
      • Boundary markers: None specified in the instructions.
      • Capability inventory: File system access, package installation, and script execution via subprocesses.
      • Sanitization: The skill extracts specific data points into a structured JSON payload before PDF generation, which limits the potential for raw input to influence the execution logic.

Audit Metadata
Risk Level: SAFE
Analyzed: Jun 25, 2026, 08:57 AM