The Agent Skills Directory

Prompt Injection (SAFE): The skill instructions are strictly focused on narrative translation. There are no attempts to bypass safety filters, ignore system instructions, or extract sensitive internal prompts. The use of 'IMPORTANT' or similar markers is confined to legitimate instructional context.
Data Exposure & Exfiltration (SAFE): The skill does not access sensitive local file paths (e.g., SSH keys, env files) or include hardcoded credentials. It contains no network-capable code (curl, wget, fetch) for external data transmission.
Obfuscation (SAFE): All skill content is provided in clear-text markdown. There is no evidence of Base64 encoding, zero-width characters, homoglyphs, or other obfuscation techniques intended to hide malicious commands.
Remote Code Execution & Dependencies (SAFE): The skill does not download or execute external scripts. It lacks a package.json or requirements.txt and does not invoke package managers like npm or pip. No dynamic execution patterns (eval, exec) were found.
Privilege Escalation & Persistence (SAFE): There are no commands attempting to acquire root/admin privileges (sudo) or modify system configurations for persistence (cron, shell profiles).
Indirect Prompt Injection (LOW/INFO): The skill is designed to process external narrative content from a pipeline. While this presents an inherent surface for indirect injection, the skill lacks any side-effect capabilities (such as file writing, shell execution, or network calls) that could be exploited by a malicious payload in the input text.
Ingestion points: Input processed in Step 1 of the Core Transformation Workflow.
Boundary markers: Absent; the skill relies on natural language parsing.
Capability inventory: Pure text transformation; no system-level side effects.
Sanitization: Not applicable given the limited capability tier.
Dynamic Execution (SAFE): The skill does not generate or compile code at runtime. It functions as a text-to-text transformation logic provider.

storyteller