outline-budgeter
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The instructions are focused on structural optimization and contain no bypass markers, role-play injections, or attempts to override agent safety protocols.
- [Data Exposure & Exfiltration] (SAFE): File access is restricted to project-specific markdown and YAML files (e.g., outline/outline.yml). There are no network operations or calls to external domains.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No external packages are requested, and there are no patterns involving remote script execution or dynamic code evaluation.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from local files like queries.md and outline/outline.yml. While these are potential ingestion points for malicious instructions, the skill's capability is limited to rewriting localized outline files with no downstream command or network execution. Evidence Chain:
  - Ingestion points: outline/outline.yml, queries.md, outline/mapping.tsv, outline/coverage_report.md, GOAL.md.
  - Boundary markers: Absent.
  - Capability inventory: Local file reading and writing within the outline/ directory.
  - Sanitization: Absent.
- [Command Execution] (SAFE): The workflow is purely text-based and does not involve spawning subprocesses or executing shell commands.