blog-outline
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the web via search tools.
- Ingestion points: Step 2 involves using
WebSearchandWebFetchto analyze top-ranking competitors. - Boundary markers: The instructions do not define clear delimiters or specify that external content should be treated as data only, lacking explicit 'ignore instructions' guards.
- Capability inventory: The agent has the ability to read from the web and write to the local file system (e.g., creating the
outlines/directory and saving.mdfiles). - Sanitization: There is no mention of sanitizing or escaping the content retrieved from external websites before processing it.
- [COMMAND_EXECUTION]: The skill performs file system operations to manage its output.
- Evidence: In Step 5, the skill is instructed to 'Save the outline to outlines/[slug]-outline.md' and 'If the outlines/ directory does not exist, create it.' These are routine operations for a content generation skill but involve direct interaction with the host environment's file system.
Audit Metadata