outbox-publish

Pass

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: SAFE

Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the outbox CLI (formerly pcpub) and curl to interact with the Outbox API. It also provides instructions for configuring automated activity logging by modifying ~/.claude/settings.json and .git/hooks/.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @out-box/cli tool from the npm registry to provide the necessary local functionality for the agent.
  • [DATA_EXFILTRATION]: The skill transmits user or agent-generated HTML content to the api.out-box.dev service. Although this is the primary function of the tool, it involves sending local workspace content to an external infrastructure.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection within its 'Read-Modify-Write' workflow, where it reads existing HTML from a remote URL to update and re-publish it.
  • Ingestion points: Remote HTML content fetched from the Outbox API (documented in SKILL.md, Flow 2).
  • Boundary markers: Absent. No delimiters or 'ignore' instructions are suggested to separate the external data from the agent's logic.
  • Capability inventory: Command execution via curl and outbox CLI, and remote write operations via the POST /publish endpoint (documented in SKILL.md, Flow 1 and 3).
  • Sanitization: Absent. The skill's focus is on stripping visual templates rather than sanitizing executable or instructional content within the fetched HTML.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 26, 2026, 11:55 PM
Security Audit — agent-trust-hub — outbox-publish