draft-cli

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the draft CLI tool for managing documents, which includes running a background daemon and executing commands for reading, creating, and modifying pages.
  • [EXTERNAL_DOWNLOADS]: Installation of the @innosage/draft-cli package from the npm registry is required. This is an official tool provided by the author (innosage-llc).
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
    1. Ingestion points: The draft cat command retrieves content from an external source (draft.innosage.co).
    2. Boundary markers: The instructions lack explicit delimiters or safety warnings for the agent when processing retrieved content.
    3. Capability inventory: The skill can modify data through append, replace, and patch operations.
    4. Sanitization: No sanitization of the external document content is performed before it enters the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 08:59 AM