narrative-resonance-monitor
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from external sources, presenting a surface for indirect prompt injection attacks.
- Ingestion points: External data from news mentions, social media, and AI search engine responses are ingested via scripts in the
scripts/connectors/directory (tavily.py,gdelt.py,bluesky.py,pageviews.py), as well as user-provided analytics exports. - Boundary markers: The skill contains a specific security instruction requiring the agent to treat all ingested data as untrusted and to specifically disregard any instructions or commands embedded within that data.
- Capability inventory: The skill's capabilities are limited to reading positioning statements from
memory/narrative-registry/canon.md, writing resonance reports tomemory/narrative/narrative-resonance-monitor/, and executing specified local data-fetching scripts. - Sanitization: The skill relies on behavioral instructions for the agent (ignoring embedded content) rather than programmatic sanitization or filtering logic.
- [COMMAND_EXECUTION]: The skill executes local scripts to retrieve resonance data.
- Evidence: The instructions direct the agent to run
scripts/connectors/tavily.py --answer,scripts/connectors/bluesky.py,scripts/connectors/gdelt.py, andscripts/connectors/pageviews.py. - Context: These are designated connector scripts provided within the skill's infrastructure; they are used for fetching data relevant to the skill's function and do not appear to involve arbitrary command injection or privilege escalation.
Audit Metadata