worldbuilding

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from user-controlled files to generate story elements.
    - Ingestion points: The agent reads 'story.md', 'worldbuilding/_index.md', and existing files within the 'worldbuilding/' directory to gather context for locations and systems.
    - Boundary markers: The instructions fail to include delimiters or specific 'ignore' directives to prevent the agent from obeying instructions embedded within the story text or user-provided templates.
    - Capability inventory: The skill possesses the capability to read and write Markdown files locally within the project structure and modify index files.
    - Sanitization: There is no evidence of content validation or sanitization of the data read from project files before it is used in prompt interpolation or written back to the filesystem.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 01:56 PM