brand-storytelling
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious code, prompt injections, or data exfiltration patterns were identified. The skill is entirely declarative and focuses on providing instructions to the AI for storytelling tasks.
- Indirect Prompt Injection (LOW): The skill is designed to process user-provided brand messages and can interact with project files (referenced in
validations.mdvia file globs). - Ingestion points: Data enters via user-provided messages and local file content matching globs like
**/*.{ts,js,py,yaml,md}. - Boundary markers: Not explicitly defined in the prompt instructions, though instructions mandate grounding in reference files.
- Capability inventory: The skill possesses no capabilities for command execution, network access, or file system modifications.
- Sanitization: No specific sanitization logic is present.
- Conclusion: Due to the lack of dangerous capabilities, the presence of an ingestion surface does not pose a significant security risk.
Audit Metadata