Skills
skills/worldwonderer/oh-story-claudecode/story-long-scan/Gen Agent Trust Hub

story-long-scan

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted text from third-party websites, creating a surface for indirect prompt injection.
  • Ingestion points: Scraper scripts such as scripts/qidian-rank-scraper.js and scripts/fanqie-rank-scraper.js extract book descriptions and summaries from multiple external novel platforms.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the skill's logic for isolating external content.
  • Capability inventory: The skill utilizes child_process.execSync (in scripts/cdp-utils.js) to run browser tools and fs.writeFileSync to save data to the local file system.
  • Sanitization: No validation or escaping is applied to the ingested external descriptions before they are presented to the agent.
  • [COMMAND_EXECUTION]: The script scripts/cdp-utils.js uses child_process.execSync to invoke the agent-browser tool. This is a functional requirement for browser automation and scraping.
  • [EXTERNAL_DOWNLOADS]: The skill connects to multiple well-known web novel platforms to retrieve data. These operations are core to the skill's purpose and target established, legitimate services.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 06:47 AM