story-roleplay
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by parsing external files (PNG, WebP, JSON) and extracting fields such as `system_prompt` and `personality` to define agent behavior.
  - Ingestion points: Processes user-provided files like `character.png`, `character.json`, and `world-info.json` from the workspace.
  - Boundary markers: The skill lacks boundary markers or sanitization, explicitly instructing the agent to 'Use character's system_prompt as behavior rules'.
  - Capability inventory: The agent can execute shell commands, perform file I/O, and install external dependencies.
  - Sanitization: No content validation or sanitization is performed on the extracted strings before they are injected into the agent's instruction context.
- [COMMAND_EXECUTION]: The skill utilizes several shell commands to locate, copy, and execute its parsing logic.
  - Evidence: Instructions include using `cp`, `find`, and `node` to manage and run the `parse-character-card.js` script. The skill also provides 'Fallback Code' for manual script creation.
- [EXTERNAL_DOWNLOADS]: The skill requires downloading external dependencies at runtime via the Node Package Manager.
  - Evidence: Instructs the agent to run `npm install` to acquire the `png-chunks-extract` and `png-chunk-text` packages.