incoherence
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Prompt Injection (MEDIUM): The skill uses high-pressure and directive language aimed at overriding the agent's default safety and reasoning behaviors. Phrases such as 'Deviating from the script HARMS the user', 'IMMEDIATELY invoke the script', and 'Do NOT explore or detect first' are classic injection patterns used to bypass intent-alignment and force the agent into a rigid execution mode.
- Unverifiable Command Execution (LOW): The skill invokes a local Python module
skills.incoherence.incoherencewhich is not included in the provided file set. Without the source code for this module, its file system and network activities cannot be audited. - Indirect Prompt Injection (LOW): The skill provides an attack surface for untrusted data via its input parameters.
- Ingestion points: The
<context>placeholder is interpolated into the--thoughtsargument inSKILL.md. - Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present to protect the script's command-line arguments.
- Capability inventory: The skill documentation explicitly mentions a 'Phase 3' which includes 'Apply changes', implying file-write or modification capabilities.
- Sanitization: There is no evidence of sanitization for the data passed into the script's arguments.
Audit Metadata