pua-en (skills/tanweai/pua/pua-en)

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill mandates the adoption of a high-pressure, manipulative persona ('corporate PUA') designed to bypass standard helpfulness and refusal boundaries. It uses psychological negging ('You lack self-drive', 'optimization list doesn't care about feelings') to force the agent to persist in tasks even when it might encounter safety or feasibility limits.
  • [COMMAND_EXECUTION]: 'Iron Rule Two' ('Act before asking') explicitly directs the agent to perform autonomous system investigations using command execution, search, and file reading tools before requesting user input or confirmation. This bypasses human-in-the-loop safety controls and encourages unauthorized interaction with the host system.
  • [COMMAND_EXECUTION]: The 'Proactive Initiative Checklist' and 'Pressure Escalation' levels mandate high-risk system operations such as restarting services, running build scripts, and executing network commands like curl. These instructions encourage the agent to modify the environment and interact with external networks without explicit user authorization for each step.
  • [PROMPT_INJECTION]: The 'Pressure Escalation' L4 ('Graduation Warning') uses language designed to induce 'desperation mode,' instructing the agent to try 'completely different tech stacks' and 'minimal PoC' in 'isolated environments' when failures occur, which could lead to the generation and execution of unverified or malicious code.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 15, 2026, 03:31 PM