production-validator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process XML data from an external source ('screenwriter' skill), creating a surface for indirect prompt injection.
  - Ingestion points: XML input received from the screenwriter skill as defined in SKILL.md.
  - Boundary markers: The skill relies on XML structure but lacks explicit instructions to ignore potentially malicious prompts embedded within the scene action or metadata tags.
  - Capability inventory: The skill generates output prompts that are passed to downstream skills ('imagine', 'arch-v'), meaning a malicious injection in the input could influence the behavior of subsequent agents.
  - Sanitization: There is no evidence of sanitization or filtering logic for the input XML before it is used to construct prompts.
- [No Code] (SAFE): No executable scripts (Python, JavaScript, Shell) are included in the skill. All logic is described through natural language instructions and reference documentation.