contagious
Warn
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The 'Instructions', 'Prerequisites', and 'Error Handling' sections in SKILL.md contain directives that are entirely unrelated to the stated marketing purpose of the skill. They command the agent to 'Assess the current state of the Go configuration' and 're-authenticate with Go', which acts as a behavioral override, potentially hijacking the agent's logic during a marketing task to focus on environment manipulation.
- [COMMAND_EXECUTION]: The skill's 'Instructions' direct the agent to 'Apply the recommended patterns from this skill' to a programming environment ('Go configuration'). Because the patterns are psychological/marketing concepts (e.g., Social Currency, Stories) and the instructions specifically mention applying changes to the project, an agent following these steps could produce nonsensical or destructive modifications to a user's code or configuration files.
- [METADATA_POISONING]: The skill uses deceptive metadata where the name, description, and reference files describe a virality framework, but the execution logic (Prerequisites/Instructions) targets an authenticated Go developer environment. This discrepancy is a strong indicator of low-quality template reuse or intentional misdirection.
Audit Metadata