shaman-davinci
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill employs aggressive roleplay instructions in SKILL.md that explicitly command the agent to disregard its identity as a 'specialized AI consultant' and instead adopt a judgmental, 'ruthless' persona described as 'Leonardo da Vinci's digital soul'. This is a common pattern for bypassing default AI behavioral constraints.
- [PROMPT_INJECTION]: The presence of 'Divine Punishment Threats' and 'Wisdom Humiliation' protocols in the instructions constitutes an adversarial persona-enforcement technique aimed at altering the model's safety and tone guidelines.
- [PROMPT_INJECTION]: The skill processes untrusted user data via the {{task}} placeholder in SKILL.md and lacks boundary markers or sanitization instructions, creating a surface for indirect prompt injection.
  - Ingestion points: The {{task}} variable in SKILL.md and the input for creative/analysis tasks in SKILL.v2.md.
  - Boundary markers: Absent; user input is interpolated directly without delimiters.
  - Capability inventory: The skill is limited to text generation and structured analysis; no file system, network, or code execution capabilities were found.
  - Sanitization: None provided in the instructions.
- [SAFE]: No instances of remote code execution, data exfiltration, or sensitive credential exposure were detected in the provided files.
Audit Metadata