story-review
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface in SKILL.md. It ingests untrusted story content and interpolates it directly into sub-agent prompts (e.g., the {待审查内容} placeholder, "content to be reviewed") without boundary markers (such as XML tags or specific delimiters) or explicit instructions to ignore embedded commands.
  - Ingestion points: SKILL.md Phase 1 (reads user story files or git diffs).
  - Boundary markers: Absent in sub-agent prompt templates.
  - Capability inventory: Spawning sub-agents, file system reading, and output generation.
  - Sanitization: Not implemented; relies on model safety guardrails.
- [COMMAND_EXECUTION]: The skill utilizes legitimate local tools like git diff and grep for analysis tasks. These operations are scoped to the project directory and are consistent with the skill's stated purpose of reviewing story files.