article-refactor
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from user-provided drafts or articles, which creates a potential surface for indirect prompt injection.
- Ingestion points: Files read from paths specified in the
<source-path>argument or provided interactively during the extraction phase. - Boundary markers: The instructions define a structured 'Inventory template' and mandate a transformation process that separates source content from the agent's task logic.
- Capability inventory: The skill performs local file system read operations for source material and write operations for generating metadata files (INVENTORY.md, SKELETON.md) and draft revisions.
- Sanitization: The methodology explicitly instructs the agent to record information units rather than prose expression and to strip away the source's rhetoric, acting as a semantic filter against embedded instructions.
Audit Metadata