character-generator
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted user input to populate generated code templates.
- Ingestion points: User requirements collected during 'Phase 1: Requirements Gathering' (such as character bio, traits, and topics) are directly interpolated into TypeScript and Markdown templates.
- Boundary markers: The skill uses template markers like
{CharacterName}for interpolation but does not implement explicit delimiters or instructions in the resulting files to mitigate the risk of the agent interpreting embedded malicious instructions. - Capability inventory: The skill has the capability to perform file system operations using
Write,Edit, andmkdirtools to establish the character project structure. - Sanitization: No sanitization, escaping, or validation logic is specified for the user-supplied strings before they are written to the disk.
- [CREDENTIALS_UNSAFE]: The skill includes code blocks that generate
.env.examplefiles containing placeholders for sensitive secrets, includingOPENAI_API_KEY,ANTHROPIC_API_KEY, and a database connection string with a hardcoded placeholder password (postgresql://user:pass@db-host:5432/eliza). These are identified as template examples rather than active secrets. - [EXTERNAL_DOWNLOADS]: The skill defines a
package.jsonfile that includes dependencies such as@elizaos/core,@elizaos/plugin-bootstrap, and@elizaos/plugin-sql. These are recognized as standard components of the well-known elizaOS framework ecosystem.
Audit Metadata