worldview-synthesis
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM | PROMPT_INJECTION | NO_CODE
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill instructs the agent to process external content and perform file-system operations, which creates a vulnerability surface for indirect prompt injection.
  1. Ingestion points: Phase 2 involves extracting key ideas from user-provided sources such as books, articles, or experiences.
  2. Boundary markers: The instructions lack specific markers or delimiters to help the agent isolate external content from its own instructions.
  3. Capability inventory: The skill directs the agent to create a directory structure and write multiple YAML and Markdown files (Phase 1 and 5), constituting a write capability on the local filesystem.
  4. Sanitization: There are no instructions for sanitizing or validating extracted ideas before they are written to the 'worldview/' directory.
- [No Code] (SAFE): The skill is composed entirely of natural language instructions and structural templates. It does not include any Python, JavaScript, or shell scripts, nor does it attempt to download or execute remote binaries.
Audit Metadata