time
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill core logic focuses on narrative time management and state synchronization. It correctly differentiates between simulation turns and LLM response cycles. No evidence of malicious command execution or data exfiltration was found across the analyzed files.
- [Indirect Prompt Injection] (SAFE): The skill features a data ingestion surface where it interprets natural language durations (e.g., 'Wait until morning'). Evidence: 1. Ingestion points:
WAITcommand parameter inCARD.ymlandGLANCE.yml. 2. Boundary markers: Absent. 3. Capability inventory:read_fileandwrite_file(limited to tier 1). 4. Sanitization: Absent. While this is an attack surface, the low-privilege nature of the allowed tools and the lack of execution capabilities render the risk negligible. - [Metadata Poisoning] (SAFE): Metadata in
SKILL.mdandCARD.ymlis consistent with the skill's stated purpose and does not contain deceptive instructions.
Audit Metadata