world-method
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the bash tool to execute
catcommands for reading local files such asworld-code/voice.md,world-code/climax.md, andworld-code/method.md. These operations are limited to a specific subdirectory and are necessary for the skill's primary function of retrieving and updating user data. - [DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses local files containing user-provided branding and methodology data. There is no evidence of access to sensitive system files (e.g., SSH keys, environment variables) or network calls to exfiltrate data.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it reads untrusted content from local files and incorporates that content into its own discovery questions and synthesis steps.
- Ingestion points: Reads from
world-code/voice.md,world-code/climax.md, andworld-code/method.mdvia the bash tool. - Boundary markers: None present; the file content is read and then referenced directly in instructions to the agent.
- Capability inventory: The skill can read/write files and invoke other internal skills (
/world-voice,/world-climax,/world-creation). - Sanitization: No sanitization or validation of the file content is performed before the data is interpolated into the agent's context.
Audit Metadata