webnovel-learn
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes the Bash tool to perform file system operations (read/write) specifically on local files within the .webnovel directory. These operations are scoped to the project environment and align with the skill's stated purpose.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection.
- Ingestion points: User input provided via the /webnovel-learn command string (e.g., "pattern description").
- Boundary markers: Absent; there are no delimiters or 'ignore' instructions for the interpolated user string.
- Capability inventory: The skill has Bash access to write/append to local project files.
- Sanitization: Absent; input is written directly to the JSON structure without validation or escaping. An attacker could potentially embed instructions that the agent might follow when later reading from project_memory.json.
Audit Metadata