story-generator
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it ingests untrusted textbook data to influence generated narratives and image prompts. * Ingestion points: reads
docs/course-description.md,mkdocs.yml, anddocs/learning-graph/learning-graph.csv. * Boundary markers: No explicit delimiters or instructions are used to isolate textbook data from the skill's operational instructions. * Capability inventory: Filesystem writes (docs/stories/), system command execution (sips,sed), and network requests to the Google Gemini API. * Sanitization: No input validation or filtering of textbook content is performed before processing. - [COMMAND_EXECUTION]: The Python scripts
generate-images.pyandverify-images.pyutilizesubprocess.check_outputto execute the system utilitysipsfor image dimension verification. - [EXTERNAL_DOWNLOADS]: The skill requires the
google-genaiPython library and makes network requests to official Google Gemini API endpoints for image generation. - [DATA_EXFILTRATION]: Local textbook metadata and narrative prompts are transmitted to external Google Gemini API endpoints as part of the expected generation workflow.
Audit Metadata