prompt-lookup
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection because its core purpose is to ingest and process text from an external, community-driven repository (prompts.chat) and treat that text as 'prompts' (instructions).
- Ingestion points: Data enters the agent's context through the search_prompts and get_prompt tools, which query the prompts.chat MCP server.
- Boundary markers: Absent. The skill provides no instructions to the agent to treat fetched prompts as untrusted data or to isolate them using delimiters.
- Capability inventory: The output of these tools is used directly in the conversation flow to 'improve' or 'retrieve' prompts, meaning malicious instructions in the fetched data could take control of the agent's logic or output generation.
- Sanitization: None. There is no evidence of filtering, escaping, or validation of the fetched strings before they are presented to the user or processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata