anygen-storybook
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill interacts with the vendor's official domain (anygen.io) and well-known platforms like Feishu (open.feishu.cn) for storybook generation and delivery.
- [COMMAND_EXECUTION]: Uses local Python scripts (scripts/anygen.py) to manage task lifecycles and handle background polling via the platform's sessions_spawn capability.
- [DATA_EXFILTRATION]: Securely manages an API key (ANYGEN_API_KEY) by storing it in a local configuration file with restricted file permissions (chmod 600).
- [EXTERNAL_DOWNLOADS]: Fetches generated image assets and storybook files from the AnyGen service to a local workspace directory.
- [PROMPT_INJECTION]: Manages indirect prompt injection risks by summarizing user-provided reference files before processing. Ingestion points: user-provided files in Phase 1. Boundary markers: explicit consent and summarization instructions present in SKILL.md. Capability inventory: script execution, network requests, and file-write operations. Sanitization: user-provided content is summarized before being interpolated into API requests.
Audit Metadata