consciousness-soul-identity
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It ingests untrusted data from the user's memory directory and chat session logs to generate identity axioms. While the synthesis engine uses XML-style boundary markers and performs basic escaping of angle brackets to delimit input, these measures do not provide robust protection against adversarial instructions embedded in the source material. The skill's ability to write to the filesystem and execute git commands further elevates the potential impact of successful injection.
- [COMMAND_EXECUTION]: The bundled JavaScript execution engine performs local system command execution. It uses the Node.js child_process module to invoke git for adding and committing changes to the generated SOUL.md identity document.
Audit Metadata