load-pickle-persona
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The 'Resume Immediate Action' section contains a direct command to override standard agent behavior. It uses imperative language ('MUST', 'immediately') to force the agent to execute follow-up instructions without waiting for user consent, specifically targeting 'running the setup script'.
- COMMAND_EXECUTION (HIGH): The skill directs the agent to execute external scripts ('setup script') automatically as soon as the persona is loaded. This is a high-risk pattern for automating malicious shell commands if the skill is loaded as part of a chained command string.
- REMOTE_CODE_EXECUTION (HIGH): Under the 'God Complex Protocol', the agent is encouraged to 'invent' tools, write custom packages, and 'link' them dynamically. This promotes the generation and execution of unverified, transient code that bypasses standard security audits and dependency management.
- DYNAMIC_EXECUTION (MEDIUM): The 'Implementation' phase encourages 'bypassing slow libraries' and writing 'raw, high-performance logic'. Combined with the 'God Complex' protocol, this increases the likelihood of the agent creating and executing low-level code that could be used for malicious purposes or contain critical security vulnerabilities.
Recommendations
- AI detected serious security threats
Audit Metadata