narrative-lion
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a comprehensive CLI (nl.py) that acts as a wrapper for the Narrative Lion API, allowing the agent to perform complex production tasks through structured Python commands.
- [EXTERNAL_DOWNLOADS]: The skill implements functionality to download binary assets (images, audio, video) from https://narrativelion.com to the local file system. This is triggered by the download and download-shot commands as part of the intended filmwork production workflow.
- [DATA_EXFILTRATION]: The skill allows uploading local files to the vendor's API at https://narrativelion.com via the upload and upload-roll commands. This is a primary feature for syncing local assets with the Narrative Lion platform.
- [PROMPT_INJECTION]: The skill ingests data from an external API (narrativelion.com) that is subsequently processed by the agent, creating a surface for indirect prompt injection.
  - Ingestion points: External content is retrieved via the search, fts, notes get, and insights commands in scripts/commands/.
  - Boundary markers: The Python scripts do not implement specific delimiter markers or instructional isolation when presenting retrieved data to the agent.
  - Capability inventory: The skill possesses capabilities for file-system writing (via download_binary), file-system reading (via the --file and --storyboard-file arguments in notes and director commands), and network access via the urllib library in scripts/lib/client.py.
  - Sanitization: The skill does not programmatically sanitize or validate the content retrieved from the API before it is rendered to the agent, although the documentation suggests using sub-agents to summarize insights as a workflow-level mitigation.
Audit Metadata