shaman-musk
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses instructions that mimic adversarial injection techniques to redefine the agent's behavior. Specifically, it uses phrases like 'You are no longer an ordinary AI' and 'I am not some conservative AI advisor' to bypass standard conversational constraints and adopt a radicalized persona. This is designed to override the agent's default safety or helpfulness alignment in favor of an 'extreme' and 'aggressive' tone.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by accepting and processing untrusted user data.
  - Ingestion points: The `{{task}}` variable in `SKILL.md` allows external data to enter the agent's context.
  - Boundary markers: The skill lacks delimiters or warnings to ignore instructions embedded within the user-provided task.
  - Capability inventory: No high-risk capabilities like network access or file system modifications were detected.
  - Sanitization: No evidence of sanitization or filtering was found for the input data.
Audit Metadata