NYC

outline

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Prompt Injection (LOW): The skill is susceptible to Indirect Prompt Injection. It reads document content from the wiki, which could contain malicious instructions designed to hijack the agent's logic.
      • Ingestion points: scripts/outline.py (read and search commands).
      • Boundary markers: Absent; no specific instructions or delimiters are used to sequester wiki content from the agent's instructions.
      • Capability inventory: scripts/outline.py (create, update, and export commands provide write access to the wiki and local filesystem).
      • Sanitization: Absent; content is processed without filtering or validation.
  • Data Exposure & Exfiltration (SAFE): The skill correctly uses environment variables for the OUTLINE_API_KEY. No hardcoded credentials or unauthorized network exfiltration patterns were detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 05:29 PM