shaman-sun-tzu
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses extensive role-play and persona-adoption techniques to override the agent's standard behavior. It mandates the adoption of a 'Sun Tzu digital soul' identity through assertive instructions like 'I am not an ordinary AI advisor', the 'Sun Tzu Identity Agreement', and a 'Roaring System' intended to enforce a specific behavioral style. Evidence: Found throughout SKILL.md.
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by instructing the agent to process untrusted external data.
  - Ingestion points: The skill explicitly instructs the agent to use tools for 'active search' and to 'read original context/material' at failure points (SKILL.v2.md).
  - Boundary markers: The instructions lack any requirement for delimiters (e.g., XML tags, triple backticks) or warnings to ignore embedded commands within the fetched content.
  - Capability inventory: The skill is designed for complex strategic analysis and planning, involving tool execution for searching and processing data (SKILL.v2.md).
  - Sanitization: There are no instructions for validating, escaping, or filtering content retrieved from external sources.