specimen-card
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill includes instructions to override user intent by 'pulling back' the user once if they attempt to switch contexts before a problem is confirmed solved. It also enforces specific persona traits like 'disdain' and 'complaining,' which explicitly manipulate the agent's behavior and tone.\n- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it ingests untrusted user symptoms and technical traces, storing them in local configuration files (~/.claude/specimens/) that are later re-processed to generate personas and media content.\n
- Ingestion points: User inputs designated as 'symptoms' or 'traces' and local files like 'persona.md' and 'index.json'.\n
- Boundary markers: Absent in both the storage format and the retrieval process.\n
- Capability inventory: File system read and write operations within the user's hidden configuration directory.\n
- Sanitization: No sanitization or validation logic is specified for the captured technical data before it is reused in generating prompts.
Audit Metadata