world-climax
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to manage its local environment, specifically creating a directory (
mkdir -p world-code) and reading configuration files (cat world-code/voice.md). These operations use hardcoded, relative paths and do not involve the execution of arbitrary user-supplied strings. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and acting upon data stored in local files.
- Ingestion points: The skill reads content from
world-code/voice.mdin Step 1 andworld-code/climax.mdin Step 2. - Boundary markers: No delimiters or 'ignore' instructions are used to wrap the content read from files.
- Capability inventory: The skill can create directories, read/write files, and invoke secondary skills (
/world-voice,/world-method). - Sanitization: No sanitization or validation is applied to the content read from files before it is used to influence the agent's behavior and output generation.
Audit Metadata