create-output-format
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses the WebFetch tool to ingest untrusted data from external URLs and interpolates this content into local markdown files. This creates an indirect prompt injection surface where malicious documentation could influence the agent's behavior or poison the generated output formats.
- Ingestion points: Documentation URLs processed via WebFetch in Step 1 of SKILL.md.
- Boundary markers: No delimiters or protective instructions are used when handling external content.
- Capability inventory: The skill creates directories and writes multiple files to the local project structure.
- Sanitization: No sanitization or validation of the external content is performed before template interpolation.
Audit Metadata