lore-building
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No patterns of instruction override, safety filter bypass, or system prompt extraction were found. The skill instructions are strictly focused on defining a creative role.
- Data Exposure & Exfiltration (SAFE): There are no references to sensitive file paths, environment variables, or hardcoded credentials. No network-capable commands (curl, wget, etc.) are present.
- Obfuscation (SAFE): No Base64 encoding, zero-width characters, or homoglyphs were detected in the text or metadata.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not include any package manifests (package.json, requirements.txt) or remote script execution patterns.
- Privilege Escalation (SAFE): No administrative commands or permission modification scripts are present.
- Persistence Mechanisms (SAFE): No modifications to shell profiles, cron jobs, or startup services were found.
- Metadata Poisoning (SAFE): Metadata fields are legitimate and descriptive of the skill's creative purpose.
- Indirect Prompt Injection (SAFE): The skill possesses no capabilities for code execution, file writing, or network communication, nullifying the risk associated with processing untrusted user input.
- Time-Delayed / Conditional Attacks (SAFE): No conditional logic or time-based triggers for sensitive operations exist.
- Dynamic Execution (SAFE): No patterns for runtime compilation, dynamic loading, or self-modifying code were identified.
Audit Metadata