videocut-self-update

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Category: PROMPT_INJECTION
Full Analysis
  • Prompt Injection (HIGH): The skill instructions override standard safety protocols by directing the agent to 'automatically' analyze context and update rules without asking the user for clarification or confirmation ('Don't ask what problem, directly analyze').
  • Persistence Mechanism (HIGH): The skill provides a mechanism to modify core system configuration files (/CLAUDE.md and //tips/.md). This allows attackers to use prompt injection to permanently modify the agent's instructions, ensuring malicious behavior persists across all future sessions.
  • Indirect Prompt Injection (LOW):
    • Ingestion points: Untrusted user feedback and conversation history are used as the source for rule updates.
    • Boundary markers: Absent; the instructions tell the agent to integrate feedback into the main body of documents rather than isolated sections.
    • Capability inventory: The skill has the capability to modify the agent's identity and operational methodologies across the entire workspace.
    • Sanitization: Absent; the skill lacks any validation or filtering logic, instead encouraging direct translation of feedback into governing rules.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:31 PM