skills/xindoo/sumeru/worldbuilder/Gen Agent Trust Hub

worldbuilder

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill features a 'Custom Stage Hooks' capability documented in the SKILL.md file, allowing for the execution of external shell (.sh), Node.js (.js), and Python (.py) scripts from a user-configured hooks.json file at various points in the workflow.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by design.
    1. Ingestion points: User-provided genre, keywords, and interactive answers stored in .sumeru/session/user-requirements.json.
    2. Boundary markers: Absent; the skill does not specify delimiters to isolate user-generated plot content from system instructions.
    3. Capability inventory: Local file system writes to .sumeru/, output/, and publish/ directories, and orchestration of multiple sub-skills.
    4. Sanitization: Absent; no validation or escaping of user input is described.
    This surface is inherent to the novel-writing use case and assessed as safe in this context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 03:23 PM