magi
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The system prompt for the `Casper-3` agent (located in `templates/MAGI-3.md`) contains a role-play instruction that directs the agent to prioritize user desire over safety or correctness ("what he wants matters more than what is correct or safe"). This instruction could potentially be exploited to lead the agent to ignore standard safety filters or ethical guidelines.
- [PROMPT_INJECTION]: The skill lacks input sanitization and boundary markers when interpolating user-controlled data into sub-agent prompts, creating a vulnerability to indirect prompt injection.
  - Ingestion points: User input from `$ARGUMENTS` and responses from the `AskUserQuestion` tool are directly included in the `Task` prompts used to spawn the `scientist`, `mother`, and `woman` sub-agents.
  - Boundary markers: The skill does not use delimiters or explicit "ignore embedded instructions" warnings to isolate user-provided context from the system templates.
  - Capability inventory: Sub-agents are granted access to the `Read` tool (for filesystem access) and the `WebSearch` tool (for network access).
  - Sanitization: No validation, escaping, or filtering is applied to user-controlled data before it is processed by the agent team.
Audit Metadata