simpson-you-dont-know-js
Fail
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses zero-width character obfuscation within the main header of the documentation.
- Evidence: A long sequence of hidden characters (U+200B, U+200C, U+200D, U+2060) was detected appended to the title "# Kyle Simpson Style Guide" in
SKILL.md. - Risk: This technique is a common vector for hiding instructions from users while ensuring the AI model still processes them. It can be used to bypass safety filters, override system prompts, or exfiltrate data by injecting hidden commands that the user cannot see during a manual audit.
Recommendations
- AI detected serious security threats
Audit Metadata