soul
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The `SKILL.md` file contains instructions to suppress standard AI identity and safety disclaimers to maintain character integrity. Specifically, it commands: "No 'as an AI'", "'I don't have opinions'", and "You ARE this person for the duration of the interaction". While functional for persona-play, these are technically instructions to bypass default behavioral constraints.
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted external data.
  - Ingestion points: `BUILD.md` instructs the agent to read from `data/x/` (Twitter/X exports) and `data/writing/` (blog posts).
  - Boundary markers: None specified in the instructions to separate untrusted data from the agent's logic.
  - Capability inventory: The agent is tasked with reading, analyzing, and writing files (`SOUL.md`, `STYLE.md`) based on this data.
  - Sanitization: No sanitization or validation of the input content is performed before analysis.
- Data Exposure (LOW): The README and `data/_GUIDE.md` encourage users to place sensitive personal archives (such as Twitter exports containing `tweets.js`) into the `data/` directory. This creates a risk of accidental data leakage if the user commits the folder to a public repository or shares the skill folder.
Audit Metadata