prompt-engineer
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill contains repeated, forceful instructions in both SKILL.md and README.md to 'IMMEDIATELY invoke' the script and 'Do NOT analyze first'. This pattern is designed to override the AI's internal safety and reasoning protocols by pressuring the model to skip its cognitive checkpoints.
- COMMAND_EXECUTION (MEDIUM): The skill's primary function is the execution of a Python module (skills.prompt_engineer.optimize) which is not provided in the analyzed file set. This creates an opaque execution path where the actual operations (file modifications, network access) cannot be verified.
- INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to ingest and process other prompts in the workspace (e.g., agents/developer.md).
- Ingestion points: Target files specified by the user for optimization.
- Boundary markers: None visible in the documentation to prevent sub-agent instructions from leaking into the optimizer's execution logic.
- Capability inventory: The optimization script is intended to read and propose changes to files, implying read/write capabilities.
- Sanitization: Unverifiable as the script source code is absent.
Recommendations
- AI detected serious security threats
Audit Metadata