world-generation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection.
    • Ingestion points: User input from "Questions" and "Statements" (e.g., seed, hints parameters) as defined in SKILL.md and CARD.yml methods.
    • Boundary markers: None identified. User input is used directly to define the properties of generated rooms.
    • Capability inventory: Uses write_file and read_file to create and update directory structures and ROOM.yml files.
    • Sanitization: No sanitization or validation logic is present to prevent user input from containing malicious instructions for the agent.
  • [COMMAND_EXECUTION] (HIGH): The skill encourages unsafe file system operations. The 'Tower Directory Pattern' in SKILL.md explicitly utilizes directory traversal (e.g., ../../../../../skills/) to link floors to other skill directories. This capability allows the skill to potentially modify or read the configuration of other skills installed in the system, breaking intended isolation.
  • [DATA_EXFILTRATION] (MEDIUM): The use of read_file combined with the demonstrated directory traversal capability allows for the exposure of sensitive configurations from other skills.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:55 PM