writing-design
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill's instructions and structure are designed for text-based drafting and organization. No malicious patterns, such as prompt injection, data exfiltration, or obfuscation, were identified in the instructions or metadata.
- [COMMAND_EXECUTION]: The skill includes a shell script (
evals/run-static-checks.sh) that executes a local Python script (check-skill-static.py) to validate the skill's structure and metadata. This is a standard development-time validation tool and does not present a runtime security risk to the user. - [INDIRECT_PROMPT_INJECTION]: The skill ingests user notes and descriptions to produce structured drafts and outlines. While this creates a surface for indirect prompt injection, the risk is negligible as the skill only generates text output and does not invoke high-privilege tools.
- Ingestion points: User-provided descriptions or notes used in the
structure,draft, andpersuadeworkflows. - Boundary markers: The templates (e.g.,
templates/outline-plan.md) do not use explicit delimiters to isolate user-provided content from instructions. - Capability inventory: The skill's primary function is to emit structured text based on templates; it does not request network access or operations on sensitive files.
- Sanitization: No input sanitization or filtering of user content is performed before interpolation into templates.
Audit Metadata