Gen Agent Trust Hub audit: skills/simhacker/moollm/soul-chat

soul-chat

Result: Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Prompt Injection (HIGH): Significant risk of indirect prompt injection, because the skill is designed to treat untrusted file content as active personas that speak to the agent.
  • Ingestion Points: Uses read_file to process content from document and room (directory) entities.
  • Boundary Markers: No explicit delimiters or instructions tell the agent to ignore control commands found within the 'voices' it animates.
  • Capability Inventory: The skill is explicitly granted write_file and read_file tools.
  • Sanitization: No mention of sanitizing or escaping content from files before they are interpreted as dialogue, allowing instructions in those files to potentially override agent behavior.
  • Command Execution (MEDIUM): The skill uses file system tools to perform actions based on interpreted dialogue. While not direct shell execution, the combination of reading untrusted content and having write access to the filesystem provides an automated path for malicious actions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 08:07 AM