FBS-BookWriter
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill exhibits professional development standards with an 'assume-malicious' defensive posture. It includes a
security-fence.mjsmodule that blacklists sensitive system directories and file patterns to prevent unauthorized data access. Diagnostic reports are designed to redact sensitive host information. No malicious code or patterns were detected. - [COMMAND_EXECUTION]: Internal script orchestration uses
spawnto run Node.js and PowerShell verification and build scripts included in the package. These operations are restricted to the tool's internal project lifecycle and do not involve arbitrary command injection or privilege escalation. - [EXTERNAL_DOWNLOADS]: Fetches structural configurations and 'scene packs' from WeChat Enterprise Smartsheets and pulls document rendering assets from public CDNs. These network requests target established, well-known services and utilize a robust fallback chain to local files.
Audit Metadata