chinese-novelist
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [Command Execution] (LOW): The skill instructs the agent to execute a local Python script `scripts/check_chapter_wordcount.py` to verify chapter lengths. The script is bundled with the skill and is benign, containing only text processing logic. However, the command construction involves user-supplied project names, which could lead to command injection if the agent is not configured to handle tool arguments securely.
- [Indirect Prompt Injection] (LOW): The skill implements a multi-stage automated writing process that processes untrusted data across multiple sessions.
  - Ingestion points: User answers to the 5 initial configuration questions; the `00-大纲.md` (outline) and character profiles generated from those answers.
  - Boundary markers: Absent; the skill does not use specific delimiters or instructions to treat outline data as untrusted when the agent reads it back for subsequent chapters.
  - Capability inventory: Extensive file system access (read/write), project directory creation, and shell command execution via Python.
  - Sanitization: No explicit sanitization or validation of user-provided strings (like novel titles or themes) is performed before these strings are used in directory creation, file naming, or interpolated into complex writing prompts.
Audit Metadata