style-extractor
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The skill is designed to ingest and analyze untrusted external content (movie scripts) to generate style definitions. While the skill itself has no dangerous execution capabilities, the lack of boundary markers for input text represents a surface where malicious instructions in a script could influence the generated style assets.
- Ingestion points: The skill explicitly requires '剧本正文' (Script body) as untrusted user input in
SKILL.md. - Boundary markers: Absent. The instructions do not provide delimiters or specific 'ignore instructions' warnings to isolate the untrusted script content.
- Capability inventory: The skill is limited to text reasoning and generation of
STYLE_BASEandSTYLE_VARblocks. It lacks subprocess execution, file-writing, or network exfiltration capabilities. - Sanitization: Absent. No logic is present to sanitize or escape the script content before it is interpolated into the agent's reasoning process.
Audit Metadata