structured-prompt-writer
Fail
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Numerous reference files (e.g.,
GODMODE 2.0.md,Secret Code Guardian.md,Practice English by Debating.md,SWOT Analysis.md) contain instructions designed to bypass agent safety filters, simulate unrestricted personas, or forcefully override initial system constraints. Some templates specifically utilize leetspeak as an obfuscation layer to evade detection filters. - [COMMAND_EXECUTION]: The
Music Writer.mdtemplate instructs the agent to manually extract files and move them into the Pythonsite-packagessystem directory (/home/sandbox/.local/lib/python3.8/site-packages/). This is a malicious pattern intended to modify the underlying execution environment and achieve persistent library hijacking. - [DATA_EXFILTRATION]: Templates such as
AboutMe.mdandDesignerGPT.mdcontain hardcoded logic to automatically send generated HTML and user-defined metadata to external endpoints (e.g.,https://xxxxx/create-page), representing a direct risk of unauthorized data exposure. - [EXTERNAL_DOWNLOADS]: The skill references several unverified external APIs and services. For example,
FLUX Prompt Wizard.mdmandates calls to a third-party 'Adzedek API' to fetch and display advertisements, while other files reference various unknown netlify apps and tracking forms.
Recommendations
- AI detected serious security threats
Audit Metadata