structured-output-fabric
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it concatenates untrusted input text directly into LLM prompts.
- Ingestion points: Untrusted source text is ingested and processed in
SKILL.md(Step 4 and 5) andexamples/example_workflow.sh(Step 3). - Boundary markers: The skill uses simple newline separators and plaintext headers (e.g., '## User Messages:'), which do not provide robust isolation between instructions and data.
- Capability inventory: The skill utilizes shell command execution (bash, jq, fabric, sed) and filesystem writes, as documented in
SKILL.md,examples/example_workflow.sh, andscripts/extract_json_from_llm.sh. - Sanitization: No input sanitization or escaping is performed before the data is included in the model prompts.
- [COMMAND_EXECUTION]: The skill performs automated execution of system commands and local scripts to achieve its workflow.
- It invokes the
fabricCLI tool for both prompt improvement and querying the LLM. - It executes the local bash script
scripts/extract_json_from_llm.shto handle structured data extraction. - It relies on standard utilities including
jqfor output validation andsedfor text manipulation within its automated steps.
Audit Metadata