Skills
skills/edwinhu/workflows/writing-outline-reviewer/Gen Agent Trust Hub

writing-outline-reviewer

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted document content and interpolating it into prompts and status files without sanitization.
  • Ingestion points: The skill reads and processes contents from .planning/OUTLINE.md, .planning/PRECIS.md, and the outlines/ directory.
  • Boundary markers: Absent. Untrusted content is interpolated directly into the subagent dispatch prompt and the final .planning/OUTLINE_REVIEWED.md file without delimiters or instructions to ignore embedded commands.
  • Capability inventory: The reviewer subagent is restricted to Read, Grep, and Glob tools. The primary agent utilizes Agent and Write tools (notably, Write is used in the instructions despite being omitted from the frontmatter's allowed-tools restriction).
  • Sanitization: Absent. No evidence of validation, escaping, or filtering of external data was found before interpolation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 11:02 PM