creating-skills
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The file references/skill-activation.md provides explicit strategies for overriding an AI agent's reasoning.
  - Evidence: The document recommends using high-pressure keywords like 'MANDATORY', 'CRITICAL', and 'WORTHLESS' to force the agent into a 'Commitment Mechanism'.
  - Evidence: It describes 'Forced eval hooks' designed to compel the AI to 'show its work' (YES/NO evaluation) and commit to activation, bypassing its default implementation logic.
  - Impact: This constitutes a direct attempt to override agent behavior and bypass the AI's standard operational safety and decision-making filters by leveraging linguistic pressure.
- [COMMAND_EXECUTION] (LOW): The scripts scripts/package_skill.py and scripts/verify.py perform file system operations.
  - Evidence: package_skill.py performs directory traversal and zip archive creation.
  - Evidence: verify.py reads and parses local file content (SKILL.md) using regular expressions.
  - Context: These are functional behaviors for packaging and validation, but they demonstrate the skill's capability to interact with the local host environment.
Recommendations
- AI detected serious security threats
Audit Metadata