forewrite
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a Python script to read from and write to a local state file located at ~/.forewrite/graph.json. This is used exclusively for maintaining a history of user evaluations and does not execute arbitrary shell commands or external code.
- [DATA_EXPOSURE]: The skill accesses the local file system to store user-provided project ideas and evaluation results. This data is stored in a hidden directory in the user's home folder (~/.forewrite/). No credentials or sensitive system files are accessed.
- [PROMPT_INJECTION]: The skill is designed to process untrusted user input describing project ideas and future scenes. While it accepts external data via 'forewrite-ingest' JSON blocks, it treats this data as structured records for storage rather than instructions to be executed, minimizing the risk of indirect prompt injection.
Audit Metadata