collaborative-writing
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill interacts with the local file system to read 'lexicon' files and save drafts using paths constructed from user input.
- Evidence: The skill uses a variable '[job-slug]' provided by the user to build paths such as '/career-applications/[job-slug]/01-job-analysis.md' and '/career-applications/[job-slug]/05-cover-letter-draft.md'.
- Risk: Without sanitization, the '[job-slug]' input could be manipulated (e.g., using '../../') to perform directory traversal, allowing the agent to read or overwrite sensitive files elsewhere in the user's home directory.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the lack of boundary markers for ingested external data.
- Ingestion points: The agent collects 'rough writing' and 'bullet points' directly from the user and reads data from files located in '/lexicons_llm/' and '/career-applications/'.
- Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore' commands to isolate user-provided content from the agent's core instructions.
- Capability inventory: The agent has permissions to read and write files on the host file system.
- Sanitization: Absent. There is no evidence of validation or filtering for the text provided by the user or read from local files before it is processed by the model.
Audit Metadata