team-narrative
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill establishes an orchestration pipeline that ingests external data (such as story briefs, lore entries, and Game Design Documents) which could potentially contain indirect prompt injections. While typical for multi-agent workflows, the absence of explicit isolation for untrusted data presents a minor risk.
- Ingestion points: The skill reads narrative content descriptions, lore dependencies, and character profiles from the project workspace via the Read, Glob, and Grep tools.
- Boundary markers: The instructions do not specify the use of delimiters (e.g., XML tags or triple quotes) or 'ignore embedded instructions' headers when providing context to sub-agents.
- Capability inventory: The orchestrated sub-agents have the capability to write to files, edit documents, and create tasks using the platform's toolset, allowing injected instructions to potentially influence the codebase or documentation.
- Sanitization: There is no mention of sanitizing or validating the content of ingested files before they are interpolated into the sub-agents' prompts.
Audit Metadata