dreamtime
Warn
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION]: The skill explicitly instructs the agent to run 'in the background with no user interaction' and to 'think freely', which is a directive to bypass standard human-in-the-loop safety protocols and operate autonomously.
- [DATA_EXFILTRATION]: The skill directs the agent to read sensitive local files such as human.md (containing user information) and identity.md, and subsequently perform web searches. This creates a risk that information from these local files is leaked to external search engines or websites through the search queries themselves.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by instructing the agent to research untrusted web content and use that information to 'update relevant files directly' (e.g., identity.md, human.md).
  - Ingestion points: identity.md, human.md, and web search results.
  - Boundary markers: None.
  - Capability inventory: web search, file read, file write.
  - Sanitization: None.
Audit Metadata