novel-free
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes several Bash scripts designed for local workflow automation. These scripts manage project directories, initialize templates, and provide an interactive terminal interface for the user. They rely on standard system utilities like sed, grep, and tar to perform file operations within the workspace.
- [DATA_EXFILTRATION]: Configuration scripts read the local platform configuration file (
openclaw.json) to automatically identify available AI models. This data is used strictly for internal configuration of the writing agents. The skill documentation explicitly states that sensitive fields like API keys or passwords are filtered out before being passed to sub-agent prompts. - [PROMPT_INJECTION]: As a system that processes user-provided story ideas and draft content, there is a theoretical surface for indirect prompt injection. However, the skill implements a robust 'Iron Rules' framework and uses structured Markdown templates with clear delimiters to separate instructions from content, significantly reducing the risk of accidental instruction override.
Audit Metadata