endings
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: No malicious patterns, prompt injections, or obfuscation were detected in the skill instructions or scripts.
- [COMMAND_EXECUTION]: The skill provides Deno scripts (scripts/ending-check.ts and scripts/setup-payoff.ts) designed to analyze story files. These scripts use the --allow-read flag, which limits their capability to reading local text content for diagnostic purposes.
- [PROMPT_INJECTION]: The skill processes external text files provided by the user, representing a surface for indirect prompt injection. However, the risk is mitigated as the scripts use deterministic regex-based analysis rather than passing raw text directly to an LLM for instruction execution. 1. Ingestion points: user-provided text files via Deno.readTextFile in scripts/ending-check.ts and scripts/setup-payoff.ts. 2. Boundary markers: No explicit delimiters or instruction-bypass warnings are used for the input text. 3. Capability inventory: Read-only file system access for the provided scripts; no network or subprocess capabilities. 4. Sanitization: Automated pattern matching with no dynamic execution of input content.
Audit Metadata