draft-agent-loop
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `draft` CLI to manage remote pages, including starting a server daemon (`draft start-server --runtime v2`), creating pages, and appending content. These commands are fundamental to the skill's stated purpose of human-agent collaboration.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@innosage/draft-cli` package via npm. This package is a vendor resource belonging to the skill's author, 'innosage-llc'. It also references an external dependency, `toliuweijing/draft-headless-pages`, hosted on clawhub.ai.
- [DATA_EXFILTRATION]: The skill transmits project context, task plans, and execution logs to a remote service (clawhub.ai). To mitigate risk, the instructions explicitly forbid the inclusion of credentials, secrets, or personally identifiable information (PII) in the published content.
- [PROMPT_INJECTION]: The skill processes user-provided inputs like task names and context and interpolates them into templates. This creates an indirect prompt injection surface where a malicious user could provide input designed to influence the behavior of the agent or other tools that consume the resulting Draft pages.
  - Ingestion points: User-provided task names and context descriptions in `SKILL.md`.
  - Boundary markers: None present around the interpolated content.
  - Capability inventory: Shell command execution via the `draft` CLI tool.
  - Sanitization: No explicit sanitization or validation of the user-provided strings is mentioned.
Audit Metadata