section-briefs

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script (scripts/run.py) to automate the generation of section briefs. This script is invoked via a CLI command and operates on files within a specified workspace.
  • [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection because it processes content from external data files (outline/chapter_skeleton.yml, outline/section_bindings.jsonl, and GOAL.md) which may be user-controlled or originate from untrusted sources.
      • Ingestion points: Data is read from skeleton_path, bindings_path, and goal_path in scripts/run.py.
      • Boundary markers: Absent; the script does not use delimiters or include instructions for the agent to ignore embedded commands within the processed data.
      • Capability inventory: The skill possesses file-system read and write capabilities within the provided workspace context.
      • Sanitization: No input validation or sanitization is performed on the ingested content beyond standard JSON encoding for the output files.
  • [DYNAMIC_EXECUTION]: The script scripts/run.py dynamically modifies the Python search path (sys.path) to resolve and import the tooling.common module relative to the repository root. While used for local dependency management, this involves runtime path computation.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 01:59 PM