bookstrap-write-path

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The orchestrator instructs the agent to execute SQL queries and Python code snippets (referencing 'scripts/writer_methods.py') to track writing progress and verify that manuscript sections are correctly stored.
  • [DATA_EXFILTRATION]: The skill accesses local database tables (task, section, character, location) to manage the writing workflow. This is consistent with its stated purpose and does not involve network exfiltration.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it processes data from database records which may contain external content.
    • Ingestion points: Task records and knowledge gap questions read from the database (SKILL.md).
    • Boundary markers: No explicit delimiters or boundary markers are defined in the provided code templates.
    • Capability inventory: SQL execution, Python script execution, and invocation of the 'writer' skill (SKILL.md).
    • Sanitization: The provided SQL and Python templates use f-string interpolation for variables like task IDs, which represents a vulnerability surface if the underlying data is untrusted.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 08:06 AM