chapter-briefs

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted content from user-provided files directly into the generated chapter briefs.\n
  • Ingestion points: The skill reads input from outline/outline.yml, outline/subsection_briefs.jsonl, and GOAL.md.\n
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the generated output.\n
  • Capability inventory: The associated Python script (scripts/run.py) performs file read and write operations within the local workspace directory.\n
  • Sanitization: The script includes validation to prevent placeholder tokens (like TODO or ellipsis) but lacks logic to sanitize or escape potentially malicious instructions in the source text.\n- [COMMAND_EXECUTION]: The skill instructions prompt for the execution of a local Python script scripts/run.py to process the project outline and generate the resulting data.\n- [DATA_EXFILTRATION]: The script accesses and reads configuration and content files from the local filesystem within the provided workspace directory to perform its mapping and synthesis tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 15, 2026, 01:59 PM
Security Audit — agent-trust-hub — chapter-briefs