outline-writer
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from user-provided files and web search results. Ingestion points: user-provided text/files and results from WebSearch. Boundary markers: Absent. Capability inventory: File system read/write and network access via WebSearch. Sanitization: Absent.
- [DATA_EXFILTRATION]: Potential data exposure risk exists during the research phase as keywords from the input content are used in automated web search queries, which could leak sensitive information to external search engines.
- [COMMAND_EXECUTION]: The skill performs automated file system operations, reading user-specified paths and writing documents to the local environment as part of its core functionality.
- [NO_CODE]: No external script files or executable code dependencies are included with this skill; all logic is defined in instruction files.
Audit Metadata