story-memory

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill instructions focus entirely on creative writing project management, including fact extraction, context scoping, and issue tracking. No suspicious network operations, credential access, or obfuscated code were found.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data (user-written story chapters and character notes). While this creates a potential surface for indirect prompt injection if an attacker-controlled chapter contained malicious instructions, the skill's primary function is data organization within a local knowledge base (kb/ and work/ directories), which is consistent with its stated purpose.
  • Ingestion points: Processes written chapters, manuscript files, and conversation history via resources/fact-extraction.md and resources/story-context.md.
  • Boundary markers: The skill suggests scoping context tightly but does not explicitly mandate the use of XML tags or other boundary delimiters for the processed text.
  • Capability inventory: Primarily filesystem write access to specific project directories (kb/, work/, issues/). No high-privilege operations or network exfiltration capabilities were observed.
  • Sanitization: No explicit sanitization or filtering of input text is mentioned, which is common for creative writing tools where preservation of original prose is expected.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 05:02 AM
Security Audit — agent-trust-hub — story-memory