WriteStory

Warn

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's primary SKILL.md file contains mandatory instructions requiring the agent to execute shell commands. Specifically, it requires running curl to a local port for voice notifications and echo to append to a log file located at ~/.claude/LIFEOS/MEMORY/SKILLS/execution.jsonl upon every invocation and completion.
  • [DATA_EXFILTRATION]: The skill mandates a network connection to localhost:31337 to send status messages. While targeting a local address, this represents an automated side-channel for data transfer out of the agent's immediate context.
  • [PROMPT_INJECTION]: The skill utilizes high-priority mandatory language ("MANDATORY", "REQUIRED BEFORE ANY ACTION", "This is not optional") to force the agent into executing specific shell commands. This pattern can be used to override default agent behaviors or safety constraints.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from user-provided directories (story notes, sketches, and drafts) as specified in Workflows/Interview.md. The combination of this untrusted data ingestion with the skill's mandatory shell execution capabilities (curl and echo) creates a vulnerability for indirect prompt injection where malicious instructions in the story notes could trigger unauthorized commands.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 7, 2026, 03:45 AM
Security Audit — agent-trust-hub — WriteStory