outlining

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows established research workflows and involves standard file management within a project directory (.writing/). No malicious intent or security bypasses were found.\n- [EXTERNAL_DOWNLOADS]: The skill interacts with the Zotero API via the zotero_get_collection_items MCP tool to retrieve bibliographic metadata (abstracts and DOIs). This is a well-known service integration and is used as intended for research automation.\n- [COMMAND_EXECUTION]: The instructions describe interactions with local Python and Shell scripts (hooks/enforce-claims.py and hooks/enforce-terms.sh) that act as pre-execution gates for file writes. These are part of a 'claim-first' security and quality protocol rather than arbitrary or dangerous command execution.\n- [SAFE]: A potential indirect prompt injection surface exists where the agent processes external bibliographic data (abstracts) from Zotero and incorporates it into local files. However, this is a standard data-processing function, and no exploitable capability chain was identified.\n
  • Ingestion points: zotero_get_collection_items tool output (SKILL.md Step 5).\n
  • Boundary markers: None explicitly defined for YAML output.\n
  • Capability inventory: File writing to .writing/claims/ and .writing/outline.md.\n
  • Sanitization: None explicitly defined for Zotero abstract content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 05:55 PM
Security Audit — agent-trust-hub — outlining