Skills
skills/jwynia/agent-skills/world-fates/Gen Agent Trust Hub

world-fates

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOWPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (LOW): The scripts exposure-log.ts and fate-choice.ts ingest user-controlled strings via command-line arguments and interpolate them directly into output text.\n
  • Ingestion points: Arguments such as --event in exposure-log.ts and --name/--antagonist in fate-choice.ts accept arbitrary strings from the agent or user.\n
  • Boundary markers: The generated output lacks delimiters or instructions that would signal the agent to ignore embedded instructions within these fields.\n
  • Capability inventory: The tools are restricted to reading local files and do not possess network or command execution capabilities.\n
  • Sanitization: No validation or escaping is performed on the user-provided strings before interpolation.\n- EXTERNAL_DOWNLOADS (LOW): The skill script fate-choice.ts imports a module from an external registry.\n
  • Evidence: import { ... } from "https://deno.land/std@0.208.0/path/mod.ts";\n
  • Status: This is a versioned import from the Deno standard library registry; while not on the explicit [TRUST-SCOPE-RULE] whitelist, it is a standard practice for the runtime and considered low risk.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 09:17 AM