output-style-authoring
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes the Bash tool to write files into sensitive configuration paths like ~/.claude/output-styles/. While intended for persona management, this provides a mechanism for modifying agent environment settings.
- [PROMPT_INJECTION] (HIGH): The skill exhibits a significant indirect prompt injection surface.
  1. Ingestion points: Reads local markdown templates (e.g., minimal-template.md) and processes user input via AskUserQuestion.
  2. Boundary markers: Absent; there are no clear delimiters or instructions to ignore embedded commands in the templates.
  3. Capability inventory: Bash (file-write), Read, Grep, Glob.
  4. Sanitization: Absent; content from external templates is incorporated into new output styles without validation.

  Per the capability tiering in Category 8, the combination of external file ingestion and write capabilities warrants a HIGH severity rating.
Recommendations
- AI detected serious security threats