wisdom-accountability-coach
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly vulnerable to instructions embedded in data retrieved from the web.
  - Ingestion points: Uses mcp__firecrawl__firecrawl_search, mcp__brave-search__brave_web_search, and WebFetch in SKILL.md to ingest external content.
  - Boundary markers: Absent. There are no instructions to delimit or ignore instructions found in external data.
  - Capability inventory: Extensive file access tools Read, Write, Edit, and TodoWrite are permitted in SKILL.md.
  - Sanitization: Absent. No filtering or validation of web content is performed before processing.
  - Risk: An attacker-controlled website could include hidden prompts that command the agent to read sensitive local files and exfiltrate their contents via search queries or fetch parameters.
- Data Exposure (MEDIUM): The skill is designed to maintain a detailed corpus of 'life, work, writings, and conversations'. While intended for coaching, this sensitive repository becomes a target for exfiltration if the agent is compromised by external inputs.
Recommendations
- AI detected serious security threats
Audit Metadata