story-review
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill provides methodologies for editorial review and a script for prose metrics calculation that follows best practices.
- [COMMAND_EXECUTION]: Documentation in
resources/prose-critique.mdandresources/prose-critique/baseline.mdprovides examples for running theanalyze.pyscript using shell commands (e.g.,uv run). This is an intended feature for technical prose analysis and does not involve risky patterns such as piping remote scripts to a shell. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted markdown prose files, presenting a potential indirect prompt injection surface.
- Ingestion points: Prose files in markdown format are processed by
resources/prose-critique/analyze.pyand reviewed by the agent as described inSKILL.md. - Boundary markers: None explicitly defined in the provided instruction files to separate user prose from system instructions.
- Capability inventory: The skill scripts (
analyze.py) use standard Python libraries for text processing and do not perform network operations, subprocess executions, or sensitive file writes. - Sanitization: The
analyze.pyscript uses regular expressions to strip markdown formatting and frontmatter before analysis, which serves as a basic layer of data cleaning.
Audit Metadata