incoherence
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (MEDIUM): The skill contains strong imperative language designed to override agent autonomy. Phrases like 'IMMEDIATELY invoke the script', 'Do NOT explore or detect first', and 'Deviating from the script HARMS the user' are clear markers of behavior override attempts aimed at bypassing standard safety and reasoning loops.
- COMMAND_EXECUTION (LOW): The skill initiates a Python process via
python3 -m skills.incoherence.incoherence. While this is the intended purpose, the instructions to run it blindly before any environmental analysis increase the risk of executing unintended logic. - INDIRECT_PROMPT_INJECTION (LOW):
- Ingestion points: The skill is explicitly designed to process external 'documentation, code, and specs'.
- Boundary markers: None. The skill lacks delimiters or instructions to ignore embedded prompts within the files it analyzes.
- Capability inventory: The skill has the capability to execute Python scripts and 'Apply changes' (write access) to the filesystem in Phase 3.
- Sanitization: None. Data from files is passed into the
--thoughtsargument without visible validation or escaping.
Audit Metadata