prompt-engineer
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill provides templates that interpolate user-supplied data (e.g.,
{user_input}in the classification example). While this represents an injection surface where an attacker might try to override instructions, the skill lacks any capabilities—such as network access, file system modification, or command execution—that would allow for an exploit to manifest as a security breach. - [Dependency Analysis] (SAFE): No external dependencies, package managers, or remote scripts are referenced.
- [Capability Review] (SAFE): The skill consists entirely of natural language instructions and templates. It does not invoke subprocesses or perform any privileged operations.
Audit Metadata