chinese-novelist
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to execute a Python script (scripts/check_chapter_wordcount.py) using a command-line argument that includes the user-defined novel name (novels/[小说名称]/...). This creates a vulnerability where a malicious user could provide a novel name containing shell metacharacters (e.g., ;, |, or the backtick) to execute arbitrary commands if the agent's execution environment does not perform strict sanitization.
- INDIRECT_PROMPT_INJECTION (LOW): The skill has a surface for indirect prompt injection because it reads user-provided inputs and generated files and uses them to drive subsequent logic.
- Ingestion points: Phase 1 user responses and the generated 00-大纲.md file.
- Boundary markers: Absent; the skill does not use delimiters or warnings to ignore instructions within the ingested data.
- Capability inventory: File system access (reading and writing in novels/) and local Python script execution.
- Sanitization: None; the skill does not describe any validation or escaping of the user-provided story details or filenames.
Audit Metadata