The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted external data (user-written story chapters and character profiles) which could contain malicious instructions.
Ingestion points: Processes content from characters/, worldbuilding/, spec/tracking/timeline.json, and current chapter text.
Boundary markers: No explicit delimiters or instructions are defined to separate narrative text from agent instructions.
Capability inventory: Uses Read and Grep tools. While the documentation mentions 'auto-fixes', the permitted toolset does not explicitly include file-writing permissions, limiting impact to suggested output.
Sanitization: No evidence of sanitization or validation for the content being monitored.
[Command Execution] (SAFE): The mentioned integrations (/write, /analyze, /track) appear to be part of a structured internal environment rather than shell-level command execution. No unauthorized subprocess calls were detected.
[Data Exposure] (SAFE): File access is scoped to specific project-related directories. There is no evidence of attempts to access sensitive system files (e.g., SSH keys, environment variables) or network exfiltration.

story-consistency-monitor