story-long-analyze
Pass
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted novel content provided by the user, creating a surface for indirect prompt injection attacks.
  - Ingestion points: The skill reads novel text from user-provided file paths or direct inputs as defined in SKILL.md.
  - Boundary markers: The instructions do not define clear boundary markers or guidelines to prevent the agent from executing instructions potentially hidden within the novel text.
  - Capability inventory: The skill has permissions to read and write to the local file system (within the '拆文库' directory) and execute shell commands.
  - Sanitization: No sanitization or validation of novel content is performed before processing.
- [COMMAND_EXECUTION]: The skill utilizes the wc -m shell utility to enforce output length constraints.
  - Evidence: Found in SKILL.md and material-decomposition.md, where it is used to count characters in processed segments.
- [SAFE]: Remote resources are limited to the vendor's official GitHub repository (worldwonderer), which is an expected and safe source for skill metadata.
Audit Metadata