story-setup

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill deploys utility shell scripts to the project's .claude/hooks/ directory. These scripts are registered in .claude/settings.local.json to execute during platform events like session start or compaction to manage project state.
  • Evidence: Utility scripts in references/templates/hooks/ are registered via the configuration in references/templates/settings-hooks.json to automate tasks such as context recovery and status reporting.
  • [EXTERNAL_DOWNLOADS]: The integrated researcher agent uses browser automation to search for and retrieve information from well-known search engines (Google, Bing) and external reference websites to assist with world-building and factual accuracy.
  • Evidence: The research workflow described in references/templates/agents/story-researcher.md involves automated navigation to search engines.
  • [REMOTE_CODE_EXECUTION]: The researcher agent utilizes the agent-browser tool to execute JavaScript snippets in a browser context for the purpose of DOM manipulation and data extraction from web search results.
  • Evidence: Use of the agent-browser --cdp eval command in references/templates/agents/story-researcher.md to extract link and text data from search results.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 02:23 AM
Security Audit — agent-trust-hub — story-setup