story-long-analyze

Pass

Audited by Gen Agent Trust Hub on May 22, 2026

Risk Level: SAFE
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted novel content provided by the user, creating a surface for indirect prompt injection attacks.
    • Ingestion points: The skill reads novel text from user-provided file paths or direct inputs as defined in SKILL.md.
    • Boundary markers: The instructions do not define clear boundary markers or guidelines to prevent the agent from executing instructions potentially hidden within the novel text.
    • Capability inventory: The skill has permissions to read and write to the local file system (within the '拆文库' directory) and to execute shell commands.
    • Sanitization: No sanitization or validation of novel content is performed before processing.
  • [COMMAND_EXECUTION]: The skill uses the wc -m shell utility to enforce output length constraints.
    • Evidence: Found in SKILL.md and material-decomposition.md, where it is used to count characters in processed segments.
  • [SAFE]: Remote resources are limited to the vendor's official GitHub repository (worldwonderer), which is an expected and safe source for skill metadata.
Audit Metadata
Risk Level
SAFE
Analyzed
May 22, 2026, 08:55 AM
Security Audit — agent-trust-hub — story-long-analyze