andrej-karpathy-perspective
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE | PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides instructions to override the agent's default persona with a specific identity ('Andrej Karpathy'), including detailed rules for verbal style, perspective, and topic filtering (e.g., avoiding politics). It also defines mechanisms for activating and exiting this role-play state.
- [PROMPT_INJECTION]: The skill's 'Answer Workflow' directs the agent to perform real-time research via web search tools to verify technical facts before responding. This ingests untrusted data into the agent's context, creating a surface for indirect prompt injection.
  - Ingestion points: Web search tool results gathered during 'Step 2: Karpathy式研究' in SKILL.md.
  - Boundary markers: Absent. The instructions do not provide delimiters or warnings to isolate untrusted web data from the agent's logic.
  - Capability inventory: The skill utilizes informational tools like WebSearch; no dangerous capabilities such as local code execution or arbitrary file writing are invoked by the skill's logic.
  - Sanitization: Absent. The skill does not include instructions for filtering or validating content retrieved from external web sources.
Audit Metadata