literary-ghostwriter
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design.
  - Ingestion points: User-supplied data enters the agent context through the `<选题>` (Chinese) and `<topic>` (English) parameters in the commands `/文豪` and `/literary` respectively, as defined in `SKILL.md`.
  - Boundary markers: The instructions lack specific guidance for the agent to wrap user-provided topics in delimiters or to apply 'ignore embedded instructions' warnings, which could allow a malicious user topic to influence agent behavior.
  - Capability inventory: `SKILL.md` explicitly discusses bash command execution and provides defensive rules for it, indicating the agent environment has shell access.
  - Sanitization: There are no documented procedures for validating or filtering the user input before interpolation into the creative writing prompts.
- [SAFE]: The skill includes a 'Safety Rules' section that proactively instructs the agent on secure shell usage, such as enforcing timeouts and avoiding dangerous commands like `rm -rf` or `sudo`, which mitigates platform-specific risks.
Audit Metadata