writing-tech-post
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions involve executing local Python scripts provided within the skill package, such as
scripts/lint-post.pyandscripts/validate-metadata.py. These scripts are used to automate the pre-publishing gate by scanning for 'slop' signatures and validating frontmatter. The scripts use standard Python libraries and operate in a read-only manner on the provided draft files.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to process user-supplied technical drafts. Malicious instructions hidden within these drafts could potentially attempt to override the agent's authoring guidelines or structural constraints. - Ingestion points: Draft files provided to the agent or the linting script (SKILL.md, Phase 6).
- Boundary markers: While the skill uses structured frontmatter, it lacks specific instructions to the agent to disregard potential instructions embedded within the ingested draft prose.
- Capability inventory: The agent can read local files, write markdown output, and execute bundled local Python scripts.
- Sanitization: The provided scripts perform regex-based scanning but do not sanitize the content before the agent processes the draft for narrative and voice tuning.
Audit Metadata