novel-writer

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION] (HIGH): Path Traversal vulnerability in file handling logic.
  • Evidence: In main.py, the book_name is extracted directly from user input using the regex re.search(r"《(.*?)》", instruction).
  • Evidence: This book_name is passed to tools.py methods like get_character_profiles, get_outline, and save_chapter.
  • Evidence: tools.py constructs file paths using self.novels_root / book_name without validating or sanitizing the input for path traversal sequences like ../.
  • Impact: A malicious user could provide an instruction such as 续写《../../.ssh/id_rsa》 ("continue writing 《../../.ssh/id_rsa》") to attempt to read sensitive files, or 续写《../../.bashrc》 to overwrite system configuration files, because the bracketed book name is joined to novels_root without being confined to that directory.
  • [PROMPT_INJECTION] (LOW): Strong instructional constraints on AI behavior.
  • Evidence: main.py includes blocks like 【反AI写作风格指南(强制执行)】 ("Anti-AI Writing Style Guide (mandatory)") and CRITICAL WORKFLOW ENFORCEMENT.
  • Context: These are functional overrides intended to maintain a specific creative writing style and enforce the skill's workflow. They do not attempt to bypass core safety guardrails.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:18 PM