storyteller-planner
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via external content ingestion.
- Ingestion points: SKILL.md Step 1 directs the agent to fetch content from user-provided URLs.
- Boundary markers: No delimiters or instructions to ignore embedded prompts are included for the fetched content.
- Capability inventory: No dangerous system capabilities (shell access, file writes) are present in the analyzed files.
- Sanitization: No validation or filtering logic is specified for the external data.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch data from arbitrary external URLs. While intended for article analysis, these operations target non-whitelisted domains.
Audit Metadata