skills/simhacker/moollm/needs/Gen Agent Trust Hub

needs

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill utilizes 'read_file' and 'write_file' tools. While intended for state management, these tools provide the capability to interact with the local file system.
  • [PROMPT_INJECTION] (MEDIUM): The 'critical_needs' logic explicitly instructs the agent to interrupt current activities and change behavior based on need levels. This creates an override mechanism that could be exploited to divert the agent from its intended tasks.
  • [INDIRECT_PROMPT_INJECTION] (MEDIUM):
      • Ingestion points: Character state files read via 'read_file' and integration with 'character' and 'room' skills.
      • Boundary markers: None. No delimiters are used to separate simulation data from potentially malicious instructions embedded in 'inner voice' comments.
      • Capability inventory: 'read_file', 'write_file', and behavioral 'interruption' logic that changes agent focus.
      • Sanitization: None. The skill does not specify validation or filtering for the data influencing the 'inner voice' or need levels.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 12:35 PM