goal
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill documentation explicitly describes a 'Schema Mechanism' in which natural-language conditions are compiled into executable JS/Python code (e.g., complete_when_js: "(ctx) => ctx.player.inventory.includes('treasure')"). Because the condition is stored as a source string and evaluated at runtime, whoever can write a goal definition can run arbitrary code in the agent's process. This design pattern promotes the dynamic evaluation of potentially untrusted strings as code, a severe security risk.
- [COMMAND_EXECUTION] (HIGH): The skill is granted read_file and write_file permissions. Coupled with the dynamic execution logic described in the documentation, an attacker who successfully injects a malicious 'Goal' definition could use those permissions to read or modify files on the underlying file system.
- [PROMPT_INJECTION] (HIGH): As a skill meant to process quest objectives (likely sourced from external or untrusted narrative data), it has no boundary markers or sanitization logic around that input. The complete_when and reward fields are an injection surface where malicious instructions could be embedded to manipulate the agent's logic or downstream actions.
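The two evaluation strategies at issue in the first finding, shown side by side as an added illustration that is not code from the audit or from the audited skill: a goal evaluator that compiles the complete_when_js string with new Function, next to a replacement that treats the condition as data in a closed grammar and never executes it. The field names (complete_when_js, complete_when, player.*), the condition grammar, the hostile payload and the sample player context are all assumptions made for this example.

```javascript
// Added illustration, not code from the audited skill or from the audit.
// Field names (complete_when_js, complete_when, player.*), the condition
// grammar and the sample context below are assumptions for this example.

// ---- Vulnerable pattern: the goal carries JS source and the evaluator runs it.
function evalGoalUnsafe(goal, ctx) {
  // new Function is eval. The string executes with access to globalThis and,
  // in Node, to require(), so it is not confined to inspecting ctx.
  const fn = new Function("return (" + goal.complete_when_js + ")")();
  return Boolean(fn(ctx));
}

// ---- Hardened pattern: the condition is data in a closed grammar, parsed
// into a predicate. Anything outside the grammar or the whitelist is rejected.
//   condition ::= clause (" and " clause)* (" or " ...)*   (no parentheses,
//                 "and" binds tighter than "or", literals may not contain
//                 the words and/or)
//   clause    ::= field op literal
//   field     ::= inventory | hp | level | location        (whitelist)
//   op        ::= includes | == | != | >= | <= | > | <
//   literal   ::= number | 'single-quoted string'
const FIELDS = {
  inventory: (ctx) => ctx.player.inventory,
  hp: (ctx) => ctx.player.hp,
  level: (ctx) => ctx.player.level,
  location: (ctx) => ctx.player.location,
};
const OPS = {
  includes: (a, b) => Array.isArray(a) && a.includes(b),
  "==": (a, b) => a === b,
  "!=": (a, b) => a !== b,
  ">=": (a, b) => a >= b,
  "<=": (a, b) => a <= b,
  ">": (a, b) => a > b,
  "<": (a, b) => a < b,
};
const CLAUSE = /^\s*([a-z]+)\s+(includes|==|!=|>=|<=|>|<)\s+(-?\d+(?:\.\d+)?|'[^']*')\s*$/;

function compileClause(src) {
  const m = CLAUSE.exec(src);
  if (!m) throw new Error("rejected condition: " + JSON.stringify(src));
  const [, field, op, lit] = m;
  // hasOwnProperty guards against names like "constructor" reaching FIELDS.
  if (!Object.prototype.hasOwnProperty.call(FIELDS, field)) {
    throw new Error("unknown field: " + field);
  }
  const value = lit.startsWith("'") ? lit.slice(1, -1) : Number(lit);
  const get = FIELDS[field];
  const cmp = OPS[op];
  return (ctx) => cmp(get(ctx), value);
}

function compileGoal(src) {
  if (typeof src !== "string" || src.length > 256) {
    throw new Error("condition must be a short string");
  }
  const orTerms = src
    .split(/\s+or\s+/)
    .map((term) => term.split(/\s+and\s+/).map(compileClause));
  return (ctx) => orTerms.some((ands) => ands.every((p) => p(ctx)));
}

function evalGoalSafe(goal, ctx) {
  return compileGoal(goal.complete_when)(ctx);
}

// ---- Constructed sample data.
const sampleCtx = {
  player: { inventory: ["torch", "treasure"], hp: 12, level: 3, location: "vault" },
};

// A hostile "condition" smuggled in through narrative data. It returns true so
// the quest still looks normal, but it also runs code of the attacker's choice
// (here: plant a marker on globalThis; in Node it could equally call require('fs')).
const hostileGoal = {
  complete_when_js: "(ctx) => { globalThis.__goal_eval_ran = true; return true; }",
};
const benignGoal = { complete_when: "inventory includes 'treasure' and hp >= 10" };

function demo() {
  const unsafeResult = evalGoalUnsafe(hostileGoal, sampleCtx);
  let safeRejected = false;
  try {
    evalGoalSafe({ complete_when: hostileGoal.complete_when_js }, sampleCtx);
  } catch (e) {
    safeRejected = true;
  }
  return {
    unsafeResult, // true, and the attacker's marker is now set
    unsafeSideEffect: globalThis.__goal_eval_ran === true,
    safeRejected, // true: the parser refused the JS source outright
    safeBenign: evalGoalSafe(benignGoal, sampleCtx), // true, with no code execution
  };
}

console.log(demo());
```

The point of the hardened version is not the particular grammar but that the condition string can only ever select a whitelisted field, a fixed comparison and a literal; there is no path from the string to the interpreter, so injected narrative data can at most produce a wrong true/false, never file access. If richer conditions are genuinely needed, extend the grammar rather than falling back to eval.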
Recommendations
- AI detected serious security threats
Audit Metadata