Skills
skills/yeachan-heo/oh-my-claudecode/writer-memory/Gen Agent Trust Hub

writer-memory

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes and stores user-provided character attributes (names, notes, arcs) and interpolates them into profiles and synopsis templates.
  • Ingestion points: addCharacter and updateCharacter functions in lib/character-tracker.ts accept arbitrary strings for character details.
  • Boundary markers: The generateCharacterProfile function and synopsis-template.md perform direct string interpolation without using delimiters or 'ignore instructions' warnings.
  • Capability inventory: The skill is limited to local data state management via a memory manager; it lacks network access, subprocess execution, or file-system writing capabilities (beyond the implied memory manager).
  • Sanitization: No escaping or validation is performed on the user-controlled strings before they are rendered into output templates, creating a surface where malicious character notes could influence the behavior of an agent reading the generated synopsis.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:32 PM