outlining
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows established research workflows and involves standard file management within a project directory (.writing/). No malicious intent or security bypasses were found.\n- [EXTERNAL_DOWNLOADS]: The skill interacts with the Zotero API via the zotero_get_collection_items MCP tool to retrieve bibliographic metadata (abstracts and DOIs). This is a well-known service integration and is used as intended for research automation.\n- [COMMAND_EXECUTION]: The instructions describe interactions with local Python and Shell scripts (hooks/enforce-claims.py and hooks/enforce-terms.sh) that act as pre-execution gates for file writes. These are part of a 'claim-first' security and quality protocol rather than arbitrary or dangerous command execution.\n- [SAFE]: A potential indirect prompt injection surface exists where the agent processes external bibliographic data (abstracts) from Zotero and incorporates it into local files. However, this is a standard data-processing function, and no exploitable capability chain was identified.\n
- Ingestion points: zotero_get_collection_items tool output (SKILL.md Step 5).\n
- Boundary markers: None explicitly defined for YAML output.\n
- Capability inventory: File writing to .writing/claims/ and .writing/outline.md.\n
- Sanitization: None explicitly defined for Zotero abstract content.
Audit Metadata