world-conversation
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute
catcommands to read internal framework files (e.g.,world-code/voice.md). These operations use hardcoded paths and are necessary for the skill's state management. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes content from multiple external files and user input. (1) Ingestion points: Files
voice.md,climax.md,method.md,creation.md, andcrown.mdwithin theworld-code/directory. (2) Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present when processing file content. (3) Capability inventory: Filesystem access via Bash (catand writing files). (4) Sanitization: Content read from the filesystem is used as context for drafting without explicit validation or escaping.
Audit Metadata