Skills
skills/fotescodev/portfolio/generate-story-bank/Gen Agent Trust Hub

generate-story-bank

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local npm scripts such as check:coverage and search:evidence to process user achievement data and identify content gaps. It also performs directory listings using ls to manage files.
  • [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection when transforming user-provided achievements.
  • Ingestion points: Data is read from files in content/knowledge/achievements/*.yaml.
  • Boundary markers: No specific boundary markers or instructions are provided to the agent to distinguish between achievement content and potential embedded commands.
  • Capability inventory: The skill allows the execution of shell commands and file system access which could be leveraged if malicious instructions were successfully injected.
  • Sanitization: No sanitization or validation of the input data is performed during the transformation process.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 23, 2026, 06:54 PM