consistency-checker
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill exhibits an attack surface for indirect prompt injection because it processes untrusted data from story files and user input to perform its checks.
- Ingestion points: The skill reads from
spec/knowledge/characters/,spec/knowledge/worldbuilding/,spec/tracking/timeline.json, and the active writing context. - Boundary markers: Absent. The instructions do not define clear delimiters to separate analyzed content from the agent's logic.
- Capability inventory: Limited to
ReadandGreptools, though the text describes 'auto-fix' capabilities which would require write/edit access not explicitly granted in the metadata. - Sanitization: None. The skill assumes the content of the analyzed files is benign story data.
- [Data Exposure & Exfiltration] (SAFE): While the skill accesses local files in the
spec/directory, these are restricted to project-specific knowledge files. There are no network tools (like curl or fetch) or non-whitelisted domains present in the instructions to facilitate data exfiltration. - [Command Execution] (SAFE): The skill does not request or execute any shell commands, scripts, or system-level operations. It relies entirely on text analysis and standard file reading tools.
Audit Metadata