draft-cli
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'draft' CLI tool to execute operations like listing, reading, and patching documents, as well as managing a local connection daemon via 'start-server' and 'stop-server' commands.
- [EXTERNAL_DOWNLOADS]: The skill installs the '@innosage/draft-cli' package from npm. This package is provided by the vendor 'innosage-llc' and is required for the skill's functionality.
- [PROMPT_INJECTION]: The skill ingests untrusted data from Draft pages when using the 'cat' or 'comments' commands, creating a surface for indirect prompt injection. 1. Ingestion points: 'draft page cat', 'draft page comments', and 'draft public-comments' (SKILL.md). 2. Boundary markers: No explicit instructions are given to the agent to ignore instructions embedded in the document content. 3. Capability inventory: The skill can execute various 'draft' commands that modify documents, manage local processes, and publish content to the web. 4. Sanitization: While the skill suggests stripping editor markers using 'sed', it does not include sanitization for potential malicious instructions.
Audit Metadata