intent-story
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill provides instructions to install software via 'npx add-skill arcblock/idd' and 'git clone https://github.com/ArcBlock/idd'. Because 'arcblock' is not a trusted organization, these dependencies are unverified and could lead to the execution of malicious code if the user follows the suggestions.
- DATA_EXFILTRATION (MEDIUM): In Phase 1, the skill attempts to load a user's writing style from '~/.claude/content-profile/writing-style.md'. Accessing files within hidden directories in the user's home path (dotfiles) is a characteristic of data exposure or exfiltration attempts, even if used here for personalization.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) as it processes untrusted user input from interview responses to generate blog posts.
- Ingestion points: User answers provided during the Phase 2 structured interview.
- Boundary markers: Absent; user responses are interpolated into the final output without specific delimiters or warnings to ignore embedded instructions.
- Capability inventory: The skill generates blog content and social media posts which could be used to propagate malicious instructions provided by a user.
- Sanitization: There is no evidence of sanitization or escaping of the user-provided 'stories' before they are used in the Phase 4 generation.
Audit Metadata