starlight-chronicle

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local scripts scripts/chronicle-roll-week.mjs to aggregate git history and scripts/nb-generate.mjs to generate visual assets for the weekly reviews.
  • [PROMPT_INJECTION]: The instructions include a negative constraint list ('AI-slop refusal list') and strict persona guidelines to enforce a specific tone and prevent characteristic AI phrasing patterns, which is a benign use of instruction-tuning.
  • [DATA_EXPOSURE]: The skill reads repository-wide git history, changelog data, and project memory files (MEMORY.md) to construct its reflective outputs.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input in the form of git commit messages and changelog entries provided by external contributors or automated systems.
  • Ingestion points: Git history mined by scripts/chronicle-roll-week.mjs and entries in data/changelog-entries.json.
  • Boundary markers: Absent; the skill does not specify delimiters or instructions to ignore potential commands embedded in the commit messages.
  • Capability inventory: The agent has permissions to write files to the documentation directory (docs/chronicle/) and execute project-local scripts.
  • Sanitization: No sanitization or validation logic is defined for the content extracted from git history before it is summarized into the final report.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — starlight-chronicle