kaiming-he

Warn

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill includes supporting data in _workspace/raw/src_013.json that contains hidden Unicode characters (steganography). This technique can be used to hide instructions from human review while still having the model interpret them.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting external data from _workspace/raw/ and incorporating it into the agent's context without clear isolation or sanitization.
    • Ingestion points: _workspace/raw/*.json
    • Boundary markers: absent in the reasoning flow.
    • Capability inventory: shell and code modification suggestions, architectural reformulation.
    • Sanitization: no evidence of filtering or escaping external content.
  • [PROMPT_INJECTION]: The instructions in AGENTS.md and SKILL.md use strong directives to override the model's objective reasoning, such as "Dismiss layer-wise or piecemeal optimization in favor of true end-to-end training."
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 25, 2026, 05:30 AM