starlight-chronicle
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local scripts
scripts/chronicle-roll-week.mjsto aggregate git history andscripts/nb-generate.mjsto generate visual assets for the weekly reviews. - [PROMPT_INJECTION]: The instructions include a negative constraint list ('AI-slop refusal list') and strict persona guidelines to enforce a specific tone and prevent characteristic AI phrasing patterns, which is a benign use of instruction-tuning.
- [DATA_EXPOSURE]: The skill reads repository-wide git history, changelog data, and project memory files (
MEMORY.md) to construct its reflective outputs. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input in the form of git commit messages and changelog entries provided by external contributors or automated systems.
- Ingestion points: Git history mined by
scripts/chronicle-roll-week.mjsand entries indata/changelog-entries.json. - Boundary markers: Absent; the skill does not specify delimiters or instructions to ignore potential commands embedded in the commit messages.
- Capability inventory: The agent has permissions to write files to the documentation directory (
docs/chronicle/) and execute project-local scripts. - Sanitization: No sanitization or validation logic is defined for the content extracted from git history before it is summarized into the final report.
Audit Metadata