divergence-loop
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The 'persona-catalog.md' file includes role-playing instructions that mimic safety bypass or jailbreak patterns, such as the 'Illegal-ish/Dystopian Hacker' persona which is instructed to operate in a world where laws and morals do not exist. While these are used to encourage 'outside the box' thinking, they utilize techniques commonly associated with attempts to override AI safety constraints.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because user-provided themes and constraints are interpolated directly into system-level prompts for subagents without boundary markers or sanitization.
  - Ingestion points: User-supplied brainstorming theme (Step 0) and constraints (Step 5).
  - Boundary markers: Absent in subagent prompt templates; user input is interpolated directly after labels like 'Theme:' or 'Read the constraints:'.
  - Capability inventory: The skill can spawn new subagents with isolated contexts and write files to the local '.docs/divergence-loop/' directory.
  - Sanitization: No input validation, escaping, or filtering of user content is performed before it is included in the instruction blocks for subagents.
Audit Metadata