wordly-wisdom
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits metadata poisoning by identifying the author as 'openai' in the SKILL.md YAML frontmatter, which contradicts the actual developer information. This is a deceptive practice that may cause users or agents to assign undue trust to the skill.
- [COMMAND_EXECUTION]: The skill invokes bundled Python scripts (scripts/decision_matrix.py and scripts/ev_scenarios.py) to perform mathematical calculations. These scripts execute with local permissions and perform file read/write operations.
- [PROMPT_INJECTION]: An indirect prompt injection vulnerability surface exists due to the following evidence chain:
  - Ingestion points: The skill processes untrusted user data for decision matrices and scenario analysis, including file paths provided as arguments to the bundled scripts.
  - Boundary markers: No explicit delimiters or 'ignore' instructions are used to sanitize or isolate external data processed by the agent or the Python scripts.
  - Capability inventory: The skill can execute subprocesses (Python) and perform file-system read and write operations via the scripts scripts/decision_matrix.py and scripts/ev_scenarios.py.
  - Sanitization: The bundled scripts do not validate or sanitize file paths provided to the --input and --output arguments, allowing for potential arbitrary file access or overwriting if the agent's logic is subverted.
Audit Metadata