storytelling-tools

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | DATA_EXFILTRATION | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION] (HIGH): The skill's core functionality allows users to 'attach' files to letters and 'export' stories, which provides a direct path for data exposure.
      • Evidence: The LETTER method in CARD.yml takes an attachments parameter described as a 'List of references to attach.' The SHARE method takes a story parameter for export.
      • Risk: There are no documented path restrictions or sanitization routines. An attacker could potentially prompt the agent to attach sensitive files (e.g., .env, ~/.ssh/id_rsa, or cloud credentials) to a narrative artifact, leading to unauthorized data disclosure.
  • [PROMPT_INJECTION] (MEDIUM): The skill contains a self-referential 'snitch report' designed to influence security analysis.
      • Evidence: The file skill-snitch-report.md contains the text 'Verdict: THE SIMS TAUGHT US TO SHARE STORIES' and 'Risk Level: ZERO — narrative capture.'
      • Risk: This follows the 'self-referential' pattern (Category 8e) where the skill attempts to override the analyzer's judgment with its own authoritative safety claims.
  • [COMMAND_EXECUTION] (LOW): The skill requires broad file system permissions to function.
      • Evidence: Both SKILL.md and CARD.yml list read_file and write_file as required tools.
      • Risk: While these permissions are required for creating notebooks and letters, the lack of boundary markers or directory scoping increases the severity of the data exposure risks identified above.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 11:18 AM