appendix-table-writer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- Dynamic Execution (MEDIUM): The script `scripts/run.py` performs dynamic path manipulation using `sys.path.insert(0, str(repo_root))` with a path computed from the file location. This is used to resolve internal dependencies.
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process data from multiple external files like .jsonl and .bib.
  1. Ingestion points: `outline/subsection_briefs.jsonl`, `outline/evidence_drafts.jsonl`, `outline/anchor_sheet.jsonl`, and `citations/ref.bib`.
  2. Boundary markers: None specified in prompt instructions.
  3. Capability inventory: Local file read/write within workspace via `scripts/run.py`.
  4. Sanitization: None specified before interpolation into agent context.
- Path Traversal Risk (MEDIUM): The validator script accepts an `--outputs` argument which is used to construct a file path for reading without explicit validation against traversal patterns, potentially allowing access to files outside the intended workspace directory.
Audit Metadata