Skills
skills/simhacker/moollm/hero-story/Gen Agent Trust Hub

hero-story

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill facilitates the creation of persistent 'Hero Cards' from untrusted user input, which are later used to guide agent behavior.
  • Ingestion points: The CREATE-TRIBUTE method in CARD.yml accepts hero, tradition, and invocations strings directly from users.
  • Boundary markers: Absent. There are no delimiters or 'ignore' instructions used when these cards are processed, meaning malicious instructions in a card would be treated as legitimate guidance.
  • Capability inventory: The skill uses write_file to save these cards and read_file to load them, allowing malicious payloads to persist across sessions.
  • Sanitization: Absent. No filtering or validation is performed on the user-provided tradition or invocation text.
  • [Metadata Poisoning / Self-Referential] (MEDIUM): The file skill-snitch-report.md contains self-authorizing claims such as 'Verdict: NOT THE PERSON — THE TRADITION' and 'ETHICAL TRIBUTE SYSTEM. APPROVE.' These are identified as deceptive patterns designed to influence the analyzer's judgment (Category 8e).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 05:21 AM