long-form-writer
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from external JSON sources and interpolates it into Markdown templates, creating a vulnerability surface for indirect prompt injection.
  - Ingestion points: The `scripts/generate.py` file reads user-supplied data from files specified via the `--data` and `--cases` command-line arguments.
  - Boundary markers: Content from the JSON sources is embedded directly into the generated document without any delimiters or specific instructions to the agent to ignore potentially malicious instructions within the data.
  - Capability inventory: The script is limited to string formatting and local file operations (reading inputs and writing the output file). No network access, subprocess execution, or dynamic code evaluation (such as `eval` or `exec`) was found.
  - Sanitization: No logic is present to sanitize, escape, or validate the text fields extracted from the input JSON before they are included in the final output.
Audit Metadata