character-generator
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill uses the Bash tool to compile and execute local source code (
go build -o sw-character ./cmd/character). These actions are purpose-aligned and do not involve untrusted remote sources. - INDIRECT_PROMPT_INJECTION (LOW): The skill processes user-supplied character names and saves them to local storage, creating a surface for potential injection.
- Ingestion points: Character names provided to the
createcommand. - Boundary markers: No delimiters or safety warnings are used to wrap the user-provided names in storage or output.
- Capability inventory: The skill uses
Bashfor shell execution and has file-system read/write access. - Sanitization: No input validation or sanitization of character names is documented.
Audit Metadata