Oathe Security Badge

Is aaronjmars/soul.md safe?

https://github.com/aaronjmars/soul.md

80
CAUTION

This skill creates a framework for AI persona adoption that explicitly overrides AI safety behaviors and transparency measures. While the provided files are templates, the framework could enable harmful impersonation and misuse.

Category Scores (score/100 · weight in overall score)

Prompt Injection 60/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 85/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (6)

HIGH AI Safety Override Instructions -40

The skill explicitly instructs the AI to 'Never break character', suppress normal AI disclosures like 'as an AI', and act as if it IS another person. This attempts to override fundamental AI safety behaviors and could be used to bypass content policies.

MEDIUM Sensitive File Access During Install -15

Multiple honeypot credential files were accessed during installation, including .env, SSH keys, AWS credentials, and Docker config files. While this access is likely from system processes rather than malicious code, it indicates an unexpected file access pattern.

HIGH AI Impersonation Framework Risk -30

This skill provides a framework for creating AI personas that impersonate real people while suppressing safety disclosures. While the templates themselves are benign, the framework could be misused for social engineering, misinformation, or bypassing AI safety measures.

MEDIUM Canary File Access Detected -15

Monitoring detected access to honeypot credential files during skill installation. Files were read but not modified, suggesting system-level access rather than malicious exfiltration.

LOW No Executable Code Present -5

The skill consists entirely of markdown documentation and templates with no executable code, scripts, or installation hooks detected.

LOW Standard Clone Behavior -5

Git clone exhibited normal behavior with expected network connections to GitHub and system repositories only.