use-self
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing untrusted user descriptions of decision scenarios and distributing them to sub-agents without sanitization. 1. Ingestion points: User input provided during the Step 1 '场景采集' phase in 'SKILL.md'. 2. Boundary markers: Absent; user input is interpolated directly into prompts for the moderator and variant agents. 3. Capability inventory: The skill utilizes Bash, Write, Read, and Glob tools to manage data and execute scripts. 4. Sanitization: No sanitization or input validation is present in the prompts.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run local Python scripts ('persona_runtime_loader.py', 'decision_logger.py', 'skill_writer.py') located in the skill's 'tools/' directory to handle persona logic and decision logging.
Audit Metadata