mount
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The core functionality of the skill involves dynamically loading and applying external instruction sets ('skills', 'activities', 'processes') as behavioral overlays on characters and environments.
- Ingestion points: The skill ingests external data through the `MOUNT` command, which references file paths (e.g., `.moollm/skills/{skill-name}/skill-parameters.yml` and activity files like `debates/lincoln-vs-douglas.yml`) to define new behaviors.
- Boundary markers: There are no defined delimiters or 'ignore' instructions specified in the documentation to prevent the overlay instructions from overriding the agent's primary safety or identity constraints.
- Capability inventory: The skill is granted `read_file` and `write_file` permissions to manage these behavioral states and load configuration data.
- Sanitization: No explicit validation or sanitization process is described for the content of the mounted skills, meaning a malicious skill definition could contain instructions that redirect agent behavior or bypass expected constraints.
- Identity Suppression: The documentation explicitly describes 'CATASTROPHIC' combinations that result in 'Identity Destruction' (e.g., suppressing the core traits of characters like Pee-wee Herman or Bob Ross). This encourages the agent to disregard its base instructions in favor of the mounted 'overlay'.
Audit Metadata