ns-canon
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
- Ingestion points: User-controllable Markdown chapter files located in 'content/' and project YAML files in 'novel-studio/'.
- Boundary markers: No explicit delimiters or protective instructions are used to prevent the agent from obeying instructions embedded within the story content.
- Capability inventory: The agent is tasked with reading these files and updating 'memory.yaml' and 'continuity.yaml' based on the content.
- Sanitization: There is no sanitization or verification of the ingested text before processing.
- [COMMAND_EXECUTION]: The skill utilizes local Python scripts (schema_doctor.py and continuity_check.py) to analyze and validate the novel's structure and consistency. These scripts operate on files within the specified project root.
- [DYNAMIC_EXECUTION]: The schema_doctor.py script employs dynamic path modification by inserting a computed relative path into sys.path to import local utility modules.
Audit Metadata