webnovel-resume

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local Python scripts (webnovel.py) and Git commands to manage project state.
  • [COMMAND_EXECUTION]: Employs destructive operations such as git reset --hard and workflow cleanup, which can cause permanent loss of data in the user's local project directory.
  • [PROMPT_INJECTION]: Identified an Indirect Prompt Injection surface (Category 8). The skill reads workflow state, including previous commands and arguments, from local files (state.json, workflow_state.json).
      • Ingestion points: Processes data from .webnovel/state.json and workflow_state.json via the webnovel.py script.
      • Boundary markers: No delimiters or instructions to ignore embedded commands are present when reading data from the state files.
      • Capability inventory: The skill utilizes Bash for shell command execution and AskUserQuestion for user interaction.
      • Sanitization: There is no evidence of sanitization or validation for the original_command or original_args variables before they are used to re-trigger tasks in Step 7.
  • [COMMAND_EXECUTION]: Dynamically assembles and executes agent commands (e.g., /{original_command}) based on unsanitized data retrieved from the project's local state files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 03:03 PM