storyboard-grid-writer

Pass

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests multiple untrusted inputs such as viewerQuestion, openingMechanism, and mustCopyVisualGrammar which are used to generate prompts for downstream image and video generation tools. The lack of explicit boundary markers or sanitization logic creates a surface for indirect prompt injection. * Ingestion points: Required Inputs section in SKILL.md. * Boundary markers: Absent. * Capability inventory: Command execution via postplus CLI and handoff to image-generation and video-request-architect skills. * Sanitization: Absent.
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to execute commands using the postplus CLI tool, specifically 'postplus doctor' for diagnostics and 'postplus quote confirm' for transaction processing. These represent the vendor's own diagnostic and workflow tools.
Audit Metadata
Risk Level
SAFE
Analyzed
May 28, 2026, 04:13 AM
Security Audit — agent-trust-hub — storyboard-grid-writer