story-zoom
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill's workflow involves the agent reading and reviewing markdown files from the user's project directories to maintain state. This represents an untrusted data ingestion surface.\n
- Ingestion points: Story files (manuscript, scenes, entities, pitch, structure) and the
change-log.jsonlfile.\n - Boundary markers: The scripts do not implement specific delimiters or warnings to the agent to ignore instructions found within the story files.\n
- Capability inventory: The provided scripts (
init.ts,watcher.ts) have local file-writing permissions via Deno's--allow-writeflag.\n - Sanitization: There is no logic to sanitize or filter potential prompt injection strings from the story content before it is processed by the agent.
Audit Metadata