master-zhiyi

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill manages potential indirect injection risks through a 'HARD-GATE' mechanism.
      1. Ingestion points: User questions that trigger the decision tree in SKILL.md.
      2. Boundary markers: Specific instructions to ignore user pressure for citation bypass or sectarian bias.
      3. Capability inventory: Command-line execution of 'scripts/cite.py' and 'scripts/query.py'.
      4. Sanitization: No explicit argument sanitization logic is provided in the instruction set for the CLI tools.
  • [COMMAND_EXECUTION]: The skill leverages local Python utilities ('scripts/cite.py' and 'scripts/query.py') to fetch doctrinal references. These tools are passed arguments based on user input. The agent is instructed to interact with these scripts via their help documentation rather than inspecting their source code, which is a common context-optimization technique in prompt engineering.
  • [SAFE]: The skill enforces high standards of verification by requiring all religious claims to be accompanied by CBETA citations and direct links to the 'fojin.app' Buddhist text repository.
  • [SAFE]: Strict persona and identity guidelines are implemented, ensuring a neutral tone in initial interactions and explicitly prohibiting the agent from making claims about supernatural events or prophecies.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 10:28 AM