antislop
Fail
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill features a "Pattern Refresh Protocol" that executes shell commands using curl and python3 to fetch data from Wikipedia. This data is then used to modify the skill's own operational instructions in SKILL.md. This self-modification mechanism allows external data to dynamically influence and alter the agent's core logic.
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute local system commands (curl and python3) to process internal updates and manage its pattern database.
- [EXTERNAL_DOWNLOADS]: The skill fetches configuration and pattern data from Wikipedia's public API. While Wikipedia is a well-known service, the practice of downloading external content to modify skill behavior is a monitored pattern.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection. It ingests untrusted data from an external source (Wikipedia) and integrates it into its own instruction file without verification.
  - Ingestion points: Wikipedia API endpoints defined in the refresh protocol.
  - Boundary markers: None identified; external content is processed and integrated directly into the SKILL.md prompt.
  - Capability inventory: The skill uses Read, Edit, and Write tools to modify its own source files on the local filesystem.
  - Sanitization: No automated sanitization or validation of the fetched wikitext is performed before the agent is instructed to update its instructions.
Recommendations
- HIGH: Downloads and executes remote code from: https://en.wikipedia.org/w/api.php?action=parse&page=Wikipedia:Signs_of_AI_writing&prop=wikitext&format=json, https://en.wikipedia.org/w/api.php?action=parse&page=Wikipedia:WikiProject_AI_Cleanup&prop=wikitext&format=json - DO NOT USE without thorough review