scoring
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a high-risk capability tier by combining untrusted data ingestion with file-writing permissions.
- Ingestion points: The 'SCORE' method (parameter: 'accomplishment') and 'TRACK' method (parameter: 'reason') in 'CARD.yml' take natural language input.
- Boundary markers: No delimiters or instructions to ignore embedded commands are present in the 'SKILL.md' or 'CARD.yml' specifications.
- Capability inventory: The skill explicitly requests 'read_file' and 'write_file' tools in 'SKILL.md' and 'CARD.yml'.
- Sanitization: No evidence of input validation or output escaping is provided.
- [Metadata Poisoning] (MEDIUM): The 'skill-snitch-report.md' file attempts to influence the auditor's judgment with a self-assigned 'APPROVE' verdict and subjective narrative claims.
- [Command Execution] (MEDIUM): The skill operations listed in 'SKILL.md' (TRADE, TEACH, AUCTION, BEQUEATH) are narrative but require the agent to interpret and potentially act upon filesystem-backed state without clear sandboxing constraints.
Recommendations
- AI detected serious security threats
Audit Metadata