compose

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill operates entirely within a local file-based workspace (./writing-workspace/), reading style configurations and writing draft outputs. It does not access sensitive system paths or user credentials.
  • [SAFE]: No network requests, external downloads, or remote code execution patterns were detected. All operations are confined to the agent's local environment.
  • [PROMPT_INJECTION]: Surface for indirect prompt injection identified. The skill processes user-provided reference articles (Reference Mode) and local material files without specific boundary markers or instructions to disregard embedded commands in the source data. This could allow maliciously crafted reference text to influence the agent's behavior during the composition process.
    • Ingestion points: SKILL.md (Reference Mode processes user-provided articles), ./writing-workspace/materials/index.json.
    • Boundary markers: Absent. The skill does not instruct the agent to use delimiters for input text.
    • Capability inventory: File read/write access within the local workspace; no system-level execution or network capabilities.
    • Sanitization: None specified for input text processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 1, 2026, 12:45 PM