story-design
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill incorporates user-provided story ideas into generated files, which represents an indirect prompt injection surface.
- Ingestion points: User input captured during the story ideation phase in
SKILL.md. - Boundary markers: None present; the skill lacks delimiters or explicit instructions to treat user input as data only.
- Capability inventory: The skill facilitates reading from and writing to the
story_specs/directory. - Sanitization: No input validation or filtering of user content is performed before interpolation into markdown files.
- [COMMAND_EXECUTION]: The skill performs file system operations, including reading sample files and writing final specifications. These actions are triggered by the workflow and use paths derived from genre mappings and AI-generated titles.
Audit Metadata