article-outliner

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill creates a significant Indirect Prompt Injection surface by accepting user materials and using them to guide analysis and writing sub-agents without any safety boundaries.
    • Ingestion points: User-provided text referred to as 'materials' (素材) is ingested and saved directly to the file system.
    • Boundary markers: Absent. The instructions do not specify the use of delimiters, XML tags, or 'ignore instructions' warnings to isolate user content from the agent's logic.
    • Capability inventory: The skill has the capability to write files (e.g., source files, outlines, and drafts) and invoke other agents via the Task tool.
    • Sanitization: Absent. There is no logic to sanitize or validate the external content before it is processed by the analysis and writing stages, allowing malicious instructions to potentially hijack the workflow.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:48 AM