narrative-resonance-monitor

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from external sources, presenting a surface for indirect prompt injection attacks.
  • Ingestion points: External data from news mentions, social media, and AI search engine responses are ingested via scripts in the scripts/connectors/ directory (tavily.py, gdelt.py, bluesky.py, pageviews.py), as well as user-provided analytics exports.
  • Boundary markers: The skill contains a specific security instruction requiring the agent to treat all ingested data as untrusted and to specifically disregard any instructions or commands embedded within that data.
  • Capability inventory: The skill's capabilities are limited to reading positioning statements from memory/narrative-registry/canon.md, writing resonance reports to memory/narrative/narrative-resonance-monitor/, and executing specified local data-fetching scripts.
  • Sanitization: The skill relies on behavioral instructions for the agent (ignoring embedded content) rather than programmatic sanitization or filtering logic.
  • [COMMAND_EXECUTION]: The skill executes local scripts to retrieve resonance data.
  • Evidence: The instructions direct the agent to run scripts/connectors/tavily.py --answer, scripts/connectors/bluesky.py, scripts/connectors/gdelt.py, and scripts/connectors/pageviews.py.
  • Context: These are designated connector scripts provided within the skill's infrastructure; they are used for fetching data relevant to the skill's function and do not appear to involve arbitrary command injection or privilege escalation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 04:16 PM
Security Audit — agent-trust-hub — narrative-resonance-monitor