persona
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Category 8: Indirect Prompt Injection (INFO): The skill describes a system for reading and writing YAML files to manage character identities.
  1. Ingestion points: read_file tool used for YAML persona definitions.
  2. Boundary markers: None specified in the documentation.
  3. Capability inventory: read_file, write_file.
  4. Sanitization: None specified.

  While this creates a theoretical surface for indirect injection if persona files are attacker-controlled, the skill itself is a safe structural specification.
- Category 2: Data Exposure (SAFE): No sensitive system paths, environment variables, or hardcoded credentials were found. Examples of character 'secrets' are benign fictional backstory elements.
- Category 4: Remote Code Execution (SAFE): No remote scripts, package installations, or external download patterns are present.
- Category 10: Dynamic Execution (SAFE): The persona stacking logic is described as a static resolution process and does not involve runtime code generation, compilation, or unsafe deserialization of untrusted data.
Audit Metadata