novel-to-script
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is susceptible to indirect prompt injection attacks because it ingests untrusted external data and has side-effect capabilities (file writing).
  - Ingestion points: SKILL.md (Step 1) explicitly instructs the agent to read novel fragments provided by the user.
  - Boundary markers: Absent. There are no delimiters (e.g., XML tags or triple backticks) or explicit instructions to treat the novel text strictly as data and ignore any embedded commands.
  - Capability inventory: SKILL.md (Step 5) instructs the agent to use a "Write" tool to save files to the filesystem, providing an attacker with a mechanism to create or overwrite files if the agent obeys instructions hidden within the novel text.
  - Sanitization: Absent. There is no requirement for the agent to sanitize the input or validate the output content before performing the write operation.
Recommendations
- AI detected serious security threats
Audit Metadata