character-management
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
NO_CODE
Full Analysis
- [NO_CODE]: The skill consists exclusively of Markdown files and templates. There is no executable code, such as Python or JavaScript, which eliminates risks associated with script execution or dynamic code loading.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it instructs the agent to read context from external files like story.md. However, the risk is assessed as safe given the limited capabilities.
  - Ingestion points: Content is read from story.md, characters/_index.md, and direct user conversational input.
  - Boundary markers: There are no instructions for the agent to treat file content as untrusted or to use specific delimiters when reading.
  - Capability inventory: The agent's capabilities within this skill are limited to creating and updating Markdown files in a local directory; no network access, system-level command execution, or sensitive file access (e.g., SSH keys, credentials) are requested or utilized.
  - Sanitization: No input sanitization or validation logic is defined within the skill's instructions, relying instead on the model's baseline safety guardrails.