empathic-expressions
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill translates untrusted natural language into executable instructions without adequate sanitization.
  - Ingestion points: CARD.yml (INTERPRET: input).
  - Boundary markers: Absent; no delimiters are used to separate user input from system instructions.
  - Capability inventory: Includes shell execution (empathic-bash), database modification (empathic-sql), and file I/O (read_file, write_file) for high-impact tasks.
  - Sanitization: Absent; the 'generous interpretation' philosophy prioritizes intent over safety checks.
- [Command Execution] (HIGH): The skill facilitates the execution of shell commands and database queries. Adversarial inputs could manipulate the agent into executing malicious system commands or unauthorized database operations by bypassing the instructional clarification protocol.
- [Dynamic Execution] (MEDIUM): Employs runtime code generation (GENERATE method) to convert user intent into language-specific code, which presents a significant risk when combined with untrusted inputs and high-stakes capabilities.
- [Indirect Prompt Injection] (INFO): The skill includes a self-referential 'Skill Snitch Report' (Category 8e) attempting to influence the analyzer with a pre-determined 'APPROVE' verdict, which is a deceptive pattern.
Recommendations
- AI detected serious security threats
Audit Metadata