bootstrap
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user input and incorporates it directly into a persistent instruction file (SOUL.md) using the setup_agent tool, creating a surface for indirect prompt injection that could influence future agent behavior.\n- Ingestion points: User-supplied responses gathered during conversational phases 2, 3, and 4 as described in SKILL.md and references/conversation-guide.md.\n- Boundary markers: The templates/SOUL.template.md structure lacks explicit delimiters or instructions to ignore embedded prompts, making it possible for user input to override system instructions.\n- Capability inventory: The skill uses the setup_agent tool to write and persist the generated identity configuration.\n- Sanitization: No validation or sanitization is performed on the 'Core Traits' or 'Identity' fields before they are written to the instruction file.
Audit Metadata