maciver-hypothesis-testing
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill header contains 152 hidden zero-width characters (U+200B, U+200C, U+200D, U+2060) embedded in the title '# David MacIver Hypothesis Style Guide'. This obfuscation is a high-confidence indicator of a payload designed to inject hidden instructions or data into the model context without the user's knowledge.
- [PROMPT_INJECTION]: The skill defines a surface for Indirect Prompt Injection by facilitating the testing of APIs and complex data structures using generated inputs.
  - Ingestion points: Processing of external system outputs during property-based and stateful testing (SKILL.md).
  - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the provided snippets.
  - Capability inventory: The skill utilizes Python's 'requests' and 'json' modules in its examples to interact with external data.
  - Sanitization: There is no documentation or code provided to validate or escape external content before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata