munger-perspective
Pass
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill establishes a specific persona using detailed instructions and behavioral constraints. It utilizes control keywords such as 'STOP' and 'EXIT TRIGGER' to manage the state of the persona (e.g., ensuring a disclaimer is shown only once and allowing the user to end the simulation). These are legitimate functional instructions and do not attempt to override global safety filters.
- [EXTERNAL_DOWNLOADS]: Documentation in the README recommends installation via a community-standard skill manager (
npx skills), pointing to the author's own GitHub repositories (alchaincyf/munger-skillandalchaincyf/nuwa-skill). These are recognized vendor resources and do not represent a security risk. - [PROMPT_INJECTION]: The skill incorporates a research workflow that ingests data from external sources via tool output.
- Ingestion points: Web search results gathered during the 'Step 2: 芒格式研究' (Munger-style Research) process defined in
SKILL.md. - Boundary markers: The instructions implement a logical buffer by requiring the agent to summarize facts internally before generating a response, though it lacks strict delimiters for the raw search output.
- Capability inventory: The skill utilizes
WebSearchcapabilities to gather information on companies, executives, and events. - Sanitization: There are no explicit sanitization or filtering instructions for the search results, representing a standard but low-risk surface for indirect prompt injection.
Audit Metadata