outline

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from an external wiki, creating a surface for indirect prompt injection.
  • Ingestion points: Document content is retrieved and integrated into the agent's context through the read, search, and list-documents commands in scripts/outline.py.
  • Boundary markers: The skill does not implement delimiters or provide explicit instructions to the agent to distinguish between wiki data and system instructions.
  • Capability inventory: The agent has the ability to write to the wiki (create, update commands) and write markdown files to the local file system (export command), which could be leveraged if an injection attack is successful.
  • Sanitization: No sanitization, escaping, or structural validation is performed on the markdown content fetched from the API before it is presented to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 02:02 PM