story
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user input to determine which sub-skill to execute, creating a surface for indirect prompt injection.
  - Ingestion points: User-provided queries and intent descriptions used for keyword matching and routing decisions.
  - Boundary markers: None identified; user input is processed directly to decide which skill to invoke.
  - Capability inventory: The routing logic can trigger high-privilege tools including browser manipulation (`/browser-cdp`), specialized research agents (`story-researcher`), and environment initialization scripts (`/story-setup`).
  - Sanitization: No input validation or filtering is performed on the user's request before it influences the routing logic.
- [SAFE]: The skill performs local file system state checks to provide contextual guidance.
  - Evidence: Checks for project-specific directories such as `追踪/` and `设定/`, and identifies deployment status via the `.story-deployed` marker file. These operations are scoped to the application's functional requirements and do not access sensitive system paths.