novel-dialogue-editor
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface Analysis:
- Ingestion points: The skill receives untrusted data through the 'context_bundle' field in the 'TaskEnvelope', specifically via the 'source_scene_draft' attribute defined in 'references/novel-system/schemas/context-bundle.schema.md'.
- Boundary markers: The framework uses named context blocks for structured data exchange, which provides a degree of separation between instructions and content.
- Capability inventory: The skill logic is confined to text transformation and writing diagnostics; it contains no subprocess executions, file system write operations, or network communication.
- Sanitization: No explicit input sanitization or 'ignore instructions' delimiters are defined for the processed story text.
Audit Metadata