reverse-outliner
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The orchestrator script `scripts/reverse-outline.ts` uses `Deno.Command` to execute various analysis scripts. This requires the `--allow-run` flag, a high-privilege permission that allows the agent to execute arbitrary system commands, although the script specifically targets local files in the `scripts/` directory.
- EXTERNAL_DOWNLOADS (LOW): The orchestrator script dynamically imports standard modules from `https://deno.land/std@0.208.0/`. These are external dependencies retrieved at runtime, which is standard for Deno but represents an external link.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it is designed to ingest and analyze untrusted text files (e.g., `book.txt`).
  - Ingestion points: The script `scripts/reverse-outline.ts` reads the `inputFile` provided by the user.
  - Boundary markers: Absent. The skill does not implement delimiters or 'ignore instructions' markers when passing book content to analysis tools.
  - Capability inventory: The orchestration environment has `allow-run`, `allow-read`, and `allow-write` permissions across the analysis pipeline.
  - Sanitization: While the `inferBookName` function sanitizes the book's title for safe filesystem use, the actual text content of the book is not sanitized or escaped before processing.
Audit Metadata