instruction-repeater
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill acts as an amplification vector for untrusted data. By repeating the input string up to four times, it increases the likelihood that a model will prioritize and obey any malicious instructions embedded within that input.
- Ingestion points: The
instructionstring parameter inscripts/repeater.pyand theInstructionRepeater.repeatmethod. - Boundary markers: Absent. The skill concatenates raw input segments with only newlines, failing to wrap the untrusted content in protective delimiters (e.g., XML tags or triple quotes) that would help the model distinguish data from instructions.
- Capability inventory: The code is limited to pure string manipulation; it contains no subprocess calls, file writes, network operations, or dynamic execution (
eval/exec). - Sanitization: Absent. There is no logic to detect, escape, or filter potential prompt injection patterns before repetition.
Audit Metadata