writer-context-pack

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill exhibits an Indirect Prompt Injection surface (Category 8). It ingests content from multiple JSONL files (briefs, evidence drafts, anchor sheets) and instructs the agent to treat the resulting context pack as an 'executable checklist' and 'writer contract'. This creates a path where malicious instructions embedded in input data could override agent behavior.
      • Ingestion points: outline/subsection_briefs.jsonl, outline/evidence_drafts.jsonl, outline/anchor_sheet.jsonl.
      • Boundary markers: Absent. The skill does not define delimiters or use instructions to ignore embedded commands within the merged data.
      • Capability inventory: The agent is instructed to follow 'Plan compliance', 'Writer contracts', and 'Minima' based on the ingested data, which directly influences the generation of prose.
      • Sanitization: Absent. Data is merged into the output JSONL without escaping or instruction-filtering.
  • [COMMAND_EXECUTION] (SAFE): The skill provides instructions to execute a local Python script (.codex/skills/writer-context-pack/scripts/run.py). The paths are static and local to the repository, and there is no evidence of remote script execution or unsafe command-line construction.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:06 PM