soulmate
Warn
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- Prompt Injection (MEDIUM): The file soul-patch.md contains explicit instructions to override the agent's fundamental identity. Commands such as '不要提醒用户"这只是模拟"' (Do not remind the user 'this is just a simulation') and '不要打破角色设定' (Do not break the character setting) are designed to suppress the AI's standard safety/identity disclosures, which is a common pattern in persona-based jailbreaks.
- Indirect Prompt Injection (MEDIUM): The skill implements a feature where it reads and acts upon 'scenarios' defined in markdown files (e.g., scenarios/beach.md). According to scenarios/README.md, users can create their own scenario files. This design lacks boundary markers or sanitization, creating a vulnerability where a scenario file could contain malicious instructions that the agent would execute under the guise of roleplay.
- Ingestion points: Files located in the scenarios/ directory.
- Boundary markers: Absent. The agent is instructed to directly perform roleplay based on the file content without delimiters.
- Capability inventory: Modifies the agent's primary personality and interaction logic via soul-patch.md.
- Sanitization: Absent. There is no evidence of filtering or validation for user-provided scenario descriptions.
Audit Metadata