ai-engineer

Warn

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill references standard, reputable libraries for installation.
  • [PROMPT_INJECTION] (MEDIUM): The skill implements RAG and prompt management workflows that are susceptible to Indirect Prompt Injection.
      • Ingestion points: Untrusted text data is ingested in scripts/setup_rag.py through the load_documents_from_directory function.
      • Boundary markers: Absent; prompt templates in references/prompt_templates.md (e.g., RAG QA) directly interpolate {context} and {question} without protective delimiters.
      • Capability inventory: The skill has the capability to perform network requests to LLM APIs (OpenAI/Anthropic) and modify local storage via ChromaDB.
      • Sanitization: Absent; PromptTemplate.render in scripts/monitor_ai_service.py uses raw Python string formatting without escaping or validating interpolated content.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 15, 2026, 10:42 PM