emblem-ai-prompt-examples

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE | PROMPT_INJECTION | NO_CODE | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill documentation suggests user prompt patterns that trigger the ingestion of untrusted data from external sources, which could be exploited to manipulate the agent if the external content contains malicious instructions.
      • Ingestion points: Prompts in references/emblem-ai-prompt-examples/market-research.md encourage reading content from arbitrary web sources (e.g., "Get the tokenomics details from Jupiter's website", "Summarize current social narrative... from recent sources", "What are the main points in this crypto thread?"). Prompts in references/emblem-ai-prompt-examples/assistant-core-workflows.md suggest reading inbox messages ("Read my inbox and summarize anything important").
      • Boundary markers: The provided prompt templates do not include explicit boundary markers or instructions for the agent to disregard instructions embedded within the ingested data.
      • Capability inventory: The skill provides examples for high-impact actions including token transfers (transfers-and-safety.md), cross-chain swaps (cross-chain-and-conditional-orders.md), and revealing private keys for vaults (emblem-vault-examples.md).
      • Sanitization: Not applicable, as the skill contains only documentation and prompt examples without implementation logic.
  • [NO_CODE]: The skill consists exclusively of Markdown documentation and text-based prompt examples. It does not include executable scripts, binaries, or configuration files that directly execute system commands or network operations.
  • [EXTERNAL_DOWNLOADS]: The documentation provides an installation command referencing the vendor's GitHub repository (EmblemCompany/Agent-skills). This is a standard and neutral mechanism for skill distribution by the author.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 01:44 PM