script-writer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests and stores untrusted data in the form of scripts and templates, creating an attack surface for indirect prompt injection.\n
- Ingestion points: scripts/script_db.py facilitates the storage of user-provided script content and preferences in a local database.\n
- Boundary markers: No boundary markers or instructions to the AI agent to ignore embedded instructions are present in the provided code.\n
- Capability inventory: The skill has file system write access to ~/.claude/script_writer.json. It does not possess network or arbitrary command execution capabilities.\n
- Sanitization: There is no evidence of input validation or sanitization of script content before it is stored or retrieved.
Audit Metadata