writer-agent
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
scripts/setup.shfile fetches theuvinstaller fromhttps://astral.sh/uv/install.sh. This is a well-known service for Python development tools. - [REMOTE_CODE_EXECUTION]: The
scripts/setup.shscript pipes the downloaded installer fromastral.shdirectly into the shell for execution. This is the standard installation procedure for this trusted tool. - [COMMAND_EXECUTION]: The skill executes local Python scripts and the
yt-dlpmodule to extract document structure and video metadata. These operations are conducted using standard subprocess calls and are essential to the primary task of document conversion and article generation. - [PROMPT_INJECTION]: The skill processes untrusted external content (PDFs, EPUBs, Web URLs, and YouTube transcripts), which presents a surface for indirect prompt injection. * Ingestion points: External data enters the system through
scripts/convert_to_markdown.pyandscripts/youtube_handler.py. * Boundary markers: The prompts defined inreferences/article-writer-prompt.mdand the tier-specific workflow files use line range delimiters (L{start}-{end}) and section identifiers ([Sxx]) to separate source content from instructions. * Capability inventory: The skill has the capability to spawn subagents via theTasktool and write files to the local disk using theWritetool. * Sanitization: While content is converted to markdown and delimited, no specific sanitization or filtering of adversarial instructions within the source text is performed.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata