response-guidelines
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill is designed to ingest, rewrite, and then execute external user content, which is a classic vector for indirect injection.
  - Ingestion points: Untrusted data enters the agent context through the 'Prompt Enhancement' workflow defined in `SKILL.md`.
  - Boundary markers: While the skill uses Markdown headers (e.g., `### 原始提示词`) to delimit content, it lacks explicit instructions for the agent to ignore or neutralize instructions embedded within the user's original input.
  - Capability inventory: The skill explicitly directs the agent to 'immediately execute' the task after rewriting (`完成改写后，立即执行`) and identifies dependencies on external tools such as `TodoWrite` and `sequentialthinking` for task execution.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the input prompt to prevent malicious instructions from being incorporated into the 'enhanced' version.
Audit Metadata