story-review
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading untrusted story content and passing it directly to sub-agents for analysis without security boundaries.
- Ingestion points: Story text is retrieved from local files or through the git diff command in Phase 1.
- Boundary markers: The prompts for sub-agents (story-architect, character-designer, narrative-writer, consistency-checker) interpolate the story content using the {待审查内容} placeholder without any delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill has the ability to spawn sub-agents and read local project configuration and rubric files.
- Sanitization: There is no evidence of content validation, escaping, or filtering of the story text before it is processed by the AI agents.
Audit Metadata