world-crossing
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to performcatoperations on specific files within theworld-code/directory. These commands use hardcoded relative paths to retrieve information from previous workflow steps, and no user-supplied data is interpolated into the command strings. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by reading and synthesizing data from local files that were influenced by previous user interactions.
- Ingestion points: Files
voice.md,climax.md,method.md,creation.md,crown.md, andconversation.mdlocated in theworld-code/directory. - Boundary markers: Absent; the content is read and processed directly as context for the agent's synthesis task.
- Capability inventory: File system read and write access via the
Bashtool. - Sanitization: Absent; the agent is instructed to note specific qualitative fields from the files without explicit validation or sanitization of the content.
Audit Metadata