story
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill serves as a functional dispatcher for the worldwonderer writing suite, organizing user requests into appropriate categories like short stories, long-form novels, or technical setup tasks.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating user-provided text directly into prompts for downstream agents.
- Ingestion points: The user query string is captured and passed directly into the agent spawn command in SKILL.md.
- Capability inventory: The router dispatches tasks to skills with capabilities for file system initialization (/story-setup, /story-import) and browser automation (/browser-cdp).
- Boundary markers: No delimiters or framing instructions are used to separate user data from the agent's internal prompt logic.
- Sanitization: No explicit validation or escaping of user input is performed before it is used to trigger sub-skills or spawn agents.
Audit Metadata