sumeru-review
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted fiction content from the 'chapters/' directory to identify and repair inconsistencies, creating an indirect prompt injection surface.
  - Ingestion points: Content within the 'chapters/' directory.
  - Boundary markers: No explicit delimiters are used to distinguish fiction text from agent instructions.
  - Capability inventory: Modification of local files in the 'chapters/' directory.
  - Sanitization: No explicit sanitization of ingested content is documented.
- [COMMAND_EXECUTION]: The skill includes a Python script ('scripts/chapter-word-counter.py') that performs local file operations to count words and generate reports. These actions are limited to the project directories and do not involve network access or external command execution.
Audit Metadata