chapter-briefs
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted content from user-provided files directly into the generated chapter briefs.\n
- Ingestion points: The skill reads input from
outline/outline.yml,outline/subsection_briefs.jsonl, andGOAL.md.\n - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the generated output.\n
- Capability inventory: The associated Python script (
scripts/run.py) performs file read and write operations within the local workspace directory.\n - Sanitization: The script includes validation to prevent placeholder tokens (like TODO or ellipsis) but lacks logic to sanitize or escape potentially malicious instructions in the source text.\n- [COMMAND_EXECUTION]: The skill instructions prompt for the execution of a local Python script
scripts/run.pyto process the project outline and generate the resulting data.\n- [DATA_EXFILTRATION]: The script accesses and reads configuration and content files from the local filesystem within the provided workspace directory to perform its mapping and synthesis tasks.
Audit Metadata