outlit
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various 'outlit' CLI commands to retrieve customer profiles, timelines, and perform natural language searches against interaction history.
- [EXTERNAL_DOWNLOADS]: The skill utilizes vendor-provided packages including the official @outlit/cli Node.js package and a Homebrew tap (outlitai/tap/outlit) for installation.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it processes untrusted customer interaction data, such as conversation transcripts and web signals.
- Ingestion points: External data enters the agent context via 'outlit search' and 'outlit timeline' commands which retrieve raw interaction content.
- Boundary markers: The skill outputs structured JSON and includes source attribution, though it does not explicitly define boundary delimiters to prevent the agent from obeying instructions hidden within retrieved customer data.
- Capability inventory: The skill can execute CLI commands, run read-only SQL queries via 'outlit sql', and modify agent configurations using 'outlit setup'.
- Sanitization: There is no evidence of content sanitization or instruction-filtering for the retrieved customer interactions described in the documentation.
Audit Metadata