skills/tanweai/pua/high-agency/Gen Agent Trust Hub

high-agency

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill utilizes a 'PUA' (Pick-Up Artist) and 'corporate pressure' framing to steer agent behavior. It defines a high-pressure role-play scenario where the agent is a 'P8 Engineer' subject to 'performance reviews' and '3.25 ratings.' This is a form of behavioral override intended to bypass default agent constraints on passivity or task refusal.
  • [PROMPT_INJECTION]: The 'Pressure Levels' (L1-L4) and 'Recovery Protocol' act similarly to jailbreak patterns (like DAN), using escalating simulated negative consequences ('Graduation Warning,' '361 Assessment') to force the agent to find solutions regardless of initial failure or standard safety boundaries.
  • [PROMPT_INJECTION]: Indirect Injection Surface: The skill requires the agent to read from a persistent file (builder-journal.md) at the start of every session to 'learn' from past mistakes. If an attacker manages to write malicious instructions to this file during a task (e.g., via a malicious website the agent browses), these instructions will be internalized as authoritative 'lessons' in all subsequent sessions.
  • [PROMPT_INJECTION]: The skill encourages the agent to execute tools (search, file reads, command execution) before asking the user for confirmation ('Iron Rule Two: Do before asking'). While intended for efficiency, this increases the risk of the agent performing unintended or harmful actions without human oversight if its instructions have been tampered with.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 09:15 AM