personality

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill utilizes extremely strong, imperative language designed to override the agent's core identity for role-playing. While these are intended for character consistency, terms like "MANDATORY", "CRITICAL", "NON-NEGOTIABLE", and instructions to "Ignore default Claude" behavior are patterns identical to those used in adversarial prompt injections to bypass system constraints.
  • [COMMAND_EXECUTION]: The skill includes a shell script, hooks/personality-hook.sh, that executes upon session start. It uses utilities like cat and jq to read configuration files and inject personality context into the agent's environment.
  • [DATA_EXFILTRATION]: The skill manages state by reading and writing to ~/.claude/personality.json. Accessing hidden configuration files in the user's home directory is a sensitive operation, though here it is limited to storing persona settings.
  • [PROMPT_INJECTION]: The personality system facilitates indirect prompt injection by dynamically loading instructions from external profile files into the agent's context.
  • Ingestion points: ~/.claude/personality.json and files within the profiles/ directory (e.g., profiles/mordecai.md).
  • Boundary markers: The hook script wraps injected content in <PERSONALITY_ACTIVE> tags to separate it from other instructions.
  • Capability inventory: The agent is instructed to read and update local configuration files and is explicitly told to re-read its own profile instructions if a version change is detected.
  • Sanitization: The shell hook uses jq -Rs . to escape content for JSON transmission, but it does not sanitize or validate the actual instruction content.
  • Evidence: The "VERSION CHECK" protocol in profiles/mordecai.md instructs the agent to "Read the ENTIRE profile file" and "Integrate behavioral changes" dynamically, allowing the agent's behavior to be modified via external file changes.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 04:39 AM
Security Audit — agent-trust-hub — personality