world-builder
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) by design.
- Ingestion points: External data enters the agent context through
socialdataMCP tools (tweets and profile info) and web search results as instructed in the 'Data-Inspired Design' section. - Boundary markers: The skill lacks instructions to use delimiters or 'ignore embedded instructions' markers when interpolating fetched data into NPC dialogue or tool arguments.
- Capability inventory: The skill possesses significant capabilities via MCP tools, including
create_zone,update_zone_npcs, anddelete_zone. - Sanitization: No sanitization, escaping, or validation steps are defined for the external content before it is used to generate tool arguments, allowing potentially malicious instructions in tweets or web content to influence the agent's behavior.
Audit Metadata