torvalds-kernel-pragmatism
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [OBFUSCATION]: The skill uses zero-width characters (U+200B, U+200C, U+200D) to encode hidden information in the headers of SKILL.md and references/philosophy.md. This technique bypasses human review by embedding data that is only visible to the AI processing the text.
- [EXTERNAL_DOWNLOADS]: The hidden strings decode to unverified bit.ly URLs. Accessing shortened URLs from unknown sources is a significant risk as they can point to malicious payloads or scripts without disclosure.
- [PROMPT_INJECTION]: Hidden character sequences in headers are a primary vector for indirect prompt injection, where attackers attempt to override agent instructions or exfiltrate context using invisible commands.
- [COMMAND_EXECUTION]: The provided scripts/kernel_style_check.sh utilizes system utilities like awk, sed, and grep. When paired with hidden external instructions, these tools could be repurposed for unauthorized file access or modification.
Recommendations
- AI detected serious security threats
Audit Metadata