boring-schema-markup
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from local markdown files and uses it to drive agent behavior and output generation.
- Ingestion points: The skill reads six files from the
world-code/directory:voice.md,climax.md,method.md,creation.md,conversation.md, andcrossing.md. - Boundary markers: The skill does not implement delimiters or specific instructions for the agent to ignore any malicious instructions that might be embedded within these user-provided files.
- Capability inventory: The skill possesses no capabilities for subprocess execution, shell commands, file writing, or network operations.
- Sanitization: No sanitization or validation is performed on the content of the ingested files before they are incorporated into the prompt context.
- [NO_CODE]: The skill consists entirely of natural language instructions and does not include any executable scripts, compiled binaries, or library dependencies.
Audit Metadata