ship-learn-next

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to ingest and process external content (transcripts, articles) and then use that data to perform file-writing operations.
      • Ingestion points: Untrusted data enters the agent context through the Read tool in Step 1 (FILE_PATH).
      • Boundary markers: Absent. The skill lacks explicit delimiters or system instructions to disregard commands found within the ingested text.
      • Capability inventory: The skill is authorized to use the Write tool, which can create or modify files on the host system.
      • Sanitization: Absent. The skill uses a 'Quest Title' extracted from the content to form the filename. Without sanitization, a malicious file could specify a title containing path traversal sequences to overwrite system files.
  • Prompt Injection (LOW): The instructions use imperative language to constrain agent behavior, which is standard for complex tasks but represents a baseline control surface.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:06 PM