expand-entity
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection through the processing of untrusted world-building files. * Ingestion points: Step 1 (reading paths/files), Step 2 (reading entity state), and Step 4C (scanning world directories/files). * Boundary markers: Absent; the skill does not define delimiters or instructions to ignore embedded commands within the files it reads. * Capability inventory: Step 4A (Edit tool usage for file updates), Step 4B (Saving new files to folders), and Step 5 (Modifying the 'World Overview.md' file). * Sanitization: Absent; there is no validation or filtering of content read from files before it is processed or used to generate new edits.
- COMMAND_EXECUTION (MEDIUM): The skill directs the agent to perform file system operations including file creation and modification. * Evidence: Step 4A uses an internal 'Edit tool' to update file sections, and Step 4B performs 'Save' operations for new entities. This capability, combined with the injection surface, increases the potential impact of malicious instructions hidden in world files.
Recommendations
- AI detected serious security threats
Audit Metadata