post-outliner
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and act upon a 'topic brief' provided by the user, which constitutes untrusted input.
- Ingestion points: Untrusted data enters the agent context through the topic brief mentioned in Phase 1 (ASSESS) and Phase 3 (GENERATE) of the instructions in SKILL.md.
- Boundary markers: The skill uses specific markdown section headers (e.g., 'OUTLINE: [Working Title]') which provide minimal isolation from instructions that could be embedded within the user's brief.
- Capability inventory: The skill's configuration in SKILL.md grants access to powerful system tools including Bash, Task, Write, and Edit.
- Sanitization: There are no instructions or mechanisms provided to sanitize the user input or to direct the agent to ignore any embedded commands within the topic brief.
Audit Metadata