link-entities
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerability to Indirect Prompt Injection through untrusted entity files.
- Ingestion points: The skill reads Markdown files from the Worlds/ directory to extract entity types and existing links during both 'Manual' and 'Auto' modes (Step 1 of each mode).
- Boundary markers: The skill lacks delimiters or instructions to treat the content of these files as data only, potentially allowing embedded instructions in entity biographies to hijack the agent's logic.
- Capability inventory: The skill uses an 'Edit tool' to modify file content, creating a risk where an attacker could influence the agent to perform unauthorized file edits or broader system actions via injected instructions.
- Sanitization: No evidence of sanitization or validation of the content read from entity files before it is processed by the agent's logic.
Recommendations
- AI detected serious security threats
Audit Metadata