writing-shape
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill performs read and write operations on local files, which is necessary for its core function of processing raw material into an article. It does not access sensitive system paths (like .ssh or .aws) and contains no network exfiltration logic.
- [PROMPT_INJECTION]: The instructions provide a clear operational framework and persona without attempting to bypass safety filters or override system constraints.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from a markdown 'pile' provided by the user. While this creates a surface for indirect prompt injection, the instructions specifically guide the agent to 'mine' fragments and rework them, which helps maintain the agent's focus on the writing task rather than executing instructions embedded in the raw text.
- Ingestion points: Raw material file (processed in full).
- Boundary markers: None explicitly defined in the prompt.
- Capability inventory: File system read/write access.
- Sanitization: None, but instructions focus on rewriting and paraphrasing content into a single voice.
Audit Metadata