idml
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill extracts text from untrusted IDML story files via extract_story_text.py, creating a surface for indirect prompt injection.
  - Ingestion points: Stories/*.xml.
  - Boundary markers: None.
  - Capability inventory: File system write access (pack_idml.py) and local script execution via runpy (smoke_test.py).
  - Sanitization: No natural language sanitization is performed.
- COMMAND_EXECUTION (LOW): The smoke_test.py script utilizes runpy.run_path to execute local helper scripts within the same package. This is used for round-trip validation and is generally safe but qualifies as dynamic execution of local code.
Audit Metadata