outliner
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted external data (user articles/tweets) which is then used to drive further agent actions and sub-tasks. Ingestion points: External content is received and saved to 'source-1.md' (SKILL.md, Step 0). Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded instructions within the user material. Capability inventory: The skill performs file system writes and invokes external sub-agents ('writer-agent') using the 'Task' tool (SKILL.md, Step 4). Sanitization: Absent; the content is passed directly to analysis and writing agents without validation.
- File System Operations (SAFE): The skill creates directories and saves markdown files to 'posts/YYYY/MM/DD/[slug]/'. This is a standard capability required for the skill's stated purpose of content management and does not show signs of malicious path traversal or sensitive file access.
Audit Metadata