create-output-format
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external documentation to generate instructions for other agents, creating an indirect prompt injection surface.
  - Ingestion points: External URLs provided by users and processed by the `WebFetch` tool as described in `SKILL.md`.
  - Boundary markers: Absent. No instructions are provided to the agent to distinguish between documentation content and potential embedded malicious instructions.
  - Capability inventory: The skill writes markdown files (`authoring.md`, `reading.md`, `updating.md`, `graph.md`, `about.md`) to the local filesystem at `skills/technical-planning/references/output-formats/{format-key}/`. These files define logic for task creation, extraction, and graph building for downstream agents.
  - Sanitization: Absent. Content from external documentation is directly used to replace placeholders in scaffolding templates without validation or escaping.
Audit Metadata