chapter-lead-writer
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM | PROMPT_INJECTION | NO_CODE
Full Analysis
- Obfuscation (MEDIUM): Hex escapes (`\x27`) were detected in the description and workflow steps. While these decode to standard apostrophes ('), the use of hex encoding for punctuation matches Category 3 patterns and requires review for potential obfuscation of intent.
- Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection because it ingests external content to influence agent output.
  - Ingestion points: Processes data from `outline/outline.yml`, `outline/chapter_briefs.jsonl`, `outline/writer_context_packs.jsonl`, and `citations/ref.bib`.
  - Boundary markers: Absent. The instructions do not provide the agent with specific delimiters or warnings to treat external file content as non-executable data.
  - Capability inventory: The agent has the capability to write to the local file system at `sections/S<sec_id>_lead.md`.
  - Sanitization: The skill performs basic validation for citation keys against a reference bibliography, but does not sanitize the primary prose content ingested from JSONL/YAML files.
Audit Metadata