generate-story
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The orchestrator script run-generate-story.py uses subprocess.run to execute helper scripts and system tools like ffmpeg and curl. Analysis shows these calls are implemented safely using argument lists rather than shell strings, which prevents shell-based command injection. The skill also uses tempfile.mktemp for temporary file paths, which is a deprecated practice but does not pose a direct security threat in this context.
- [DATA_EXFILTRATION]: The skill communicates with api.replicate.com and bedtimestories.bruce-hart.workers.dev. Both are legitimate destinations: Replicate is a well-known AI service provider, and the workers.dev domain belongs to the skill's author. API tokens are correctly handled via environment variables and passed securely in request headers.
- [PROMPT_INJECTION]: The skill takes user-provided content (story title and body) and interpolates it into prompts sent to Replicate for image and video generation. While this represents an attack surface for indirect prompt injection, the risk is minimal as it targets downstream media generation models.
  - Ingestion points: User-provided story prompt or source material processed in SKILL.md and passed to run-generate-story.py.
  - Boundary markers: None identified. Content is interpolated directly into prompt templates in run-generate-story.py.
  - Capability inventory: subprocess.run executes curl for API interactions and ffmpeg for video processing in run-generate-story.py.
  - Sanitization: The compact_story_excerpt function in run-generate-story.py limits the length of user text used in prompts, but no specific escaping or filtering for injection patterns is performed.
Audit Metadata