generate-story
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with the Replicate API and the author's domain `bedtimestories.bruce-hart.workers.dev` for storage and media generation.
- [COMMAND_EXECUTION]: Uses `subprocess.run` to call system utilities including `ffmpeg` for video processing and `curl` for API requests, along with internal helper scripts.
- [PROMPT_INJECTION]: Ingests user-provided story source material (SKILL.md). It lacks explicit boundary markers for untrusted data. Capability inventory includes subprocess calls for ffmpeg, curl, and file writing to /tmp. Sanitization is performed via model instructions to filter intense content.
- [SAFE]: No hardcoded secrets were found; the skill correctly relies on environment variables for authentication.
Audit Metadata