Skills
skills/nicmarti/skills-weaver/adventure-manager/Gen Agent Trust Hub

adventure-manager

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill stores untrusted user input (character names, logs, and adventure metadata) that is later displayed back to the agent, creating a surface for indirect prompt injection. \n
  • Ingestion points: User-provided text via commands like create, add-character, and log in SKILL.md. \n
  • Boundary markers: Absent; user-provided strings are interleaved directly with structured output in the status and journal commands. \n
  • Capability inventory: Use of Bash for command execution and Read for file system access. \n
  • Sanitization: The documentation does not specify any validation or sanitization of input strings before they are processed or displayed.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 18, 2026, 04:04 AM