brief-storyline-architect
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, hidden code, or dangerous command executions were detected. The skill is entirely template-driven for the purpose of document organization.
- [NO_CODE]: The skill consists exclusively of markdown documentation, YAML configurations, and templates. It does not include any Python scripts, Node.js packages, or binary executables.
- [PROMPT_INJECTION]: The skill processes untrusted external project briefs and evidence catalog data, which represents a surface for indirect prompt injection.
- Ingestion points: Project briefs (
tracking/document-brief.md) and evidence catalog outputs (referenced inSKILL.md). - Boundary markers: Absent; there are no defined delimiters or specific instructions to ignore embedded commands in the input data.
- Capability inventory: No executable scripts or remote tools exist in the skill; capabilities are restricted to reading and writing markdown files within the agent's workspace.
- Sanitization: Absent; the skill does not perform any validation or filtering of input content.
Audit Metadata