Skills
skills/masayan1126/masayan-uni-code-plugins/creating-characters/Gen Agent Trust Hub

creating-characters

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill workflow uses user-controlled input to determine file names for output storage.
  • Ingestion points: User-provided character titles ({タイトル}) in SKILL.md (Step 9).
  • Boundary markers: Absent; the workflow does not instruct the agent to sanitize or validate the title string before use.
  • Capability inventory: The skill performs file-write operations to the local filesystem (output/character/).
  • Sanitization: Absent; there are no instructions to prevent path traversal characters (e.g., ../) in the user-provided title.
  • Relative Path Reference (LOW): The workflow references a file outside its immediate directory (../ANTI_AI_STYLE.md). While likely intended for shared resources, accessing parent directories can be a sign of poor isolation in some agent environments.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:44 PM