worldbuilding
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Deno scripts (scripts/belief.ts, scripts/cascade.ts, scripts/institution.ts) to generate worldbuilding data and diagnostics. These scripts are invoked using hardcoded paths and are restricted with the --allow-read flag, preventing network access or unauthorized file modifications.
- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection (Category 8) by processing untrusted user input regarding fictional settings.
- Ingestion points: User-provided descriptions of story worlds and speculative elements are ingested by the agent and passed to diagnostic scripts.
- Boundary markers: The skill does not employ explicit delimiters or instructions to separate user-provided story data from the system's analytical instructions.
- Capability inventory: The skill can execute internal scripts and write persistent output to specific project files but does not have network or administrative capabilities.
- Sanitization: There is no explicit sanitization of user-supplied story content before it is used for analysis.
Audit Metadata