Skills
skills/khanglvm/skills/outline-cli/Gen Agent Trust Hub

outline-cli

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the system shell to execute the outline-cli and outline-agent binaries for all document management and administrative tasks.
  • [DATA_EXFILTRATION]: The tool provides mechanisms for interacting with local files, notably via the documents.import_file command which uses a filePath argument to read data, and the tmp cat command for reading from absolute file paths. It also supports writing output to the file system using the --result-mode file option.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it retrieves and interprets content from external Outline documents. \n
  • Ingestion points: Data is pulled into the agent's context through tools like documents.search, documents.info, and comments.list as defined in SKILL.md and tool-playbook.md. \n
  • Boundary markers: There are no instructions for the agent to use delimiters or distinct markers to separate retrieved document content from its internal instructions. \n
  • Capability inventory: The agent can execute shell commands via the CLI, enabling file-read operations and network interaction with the Outline API. \n
  • Sanitization: No explicit sanitization or validation of the retrieved content is required before the agent processes it.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 07:18 AM