Skills
skills/lingfengqaq/webnovel-writer/webnovel-review/Gen Agent Trust Hub

webnovel-review

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a local Python utility (webnovel.py) located in the plugin's script directory. This script is used for project root discovery, runtime contract generation, and executing the review pipeline.\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection (Category 8) due to its handling of untrusted novel content during the review workflow.\n
  • Ingestion points: Novel chapter files (e.g., markdown files in the 正文 directory) and the .webnovel/state.json metadata file are read into the context in Steps 3 and 4.\n
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to isolate untrusted chapter content from the reviewer agent's core instructions.\n
  • Capability inventory: The skill is granted access to high-capability tools including Bash, Write, Edit, and Task, which could be targeted by a successful injection.\n
  • Sanitization: There is no evidence of content sanitization or validation performed on the chapter text before it is analyzed by the reviewer agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 11:43 AM