prompt-engineer
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill logic is entirely transparent and focused on prompt optimization, with no identified overrides, behavioral redirects, or malicious payloads.
- [EXTERNAL_DOWNLOADS]: The documentation includes user-facing installation instructions involving a GitHub repository (
github.com/eric.andrade/claude-superskills.git) and an NPX command (npx claude-superskills). These resources are associated with the skill author and are not triggered automatically by the skill's runtime. - [PROMPT_INJECTION]: The skill processes untrusted user input to generate structured prompts, representing a surface for indirect prompt injection.
- Ingestion points: Raw user prompts are ingested and processed within the
SKILL.mdworkflow. - Boundary markers: The skill is instructed to present final outputs inside Markdown code blocks to provide structural separation.
- Capability inventory: The skill does not possess capabilities for file system modification, shell command execution, or network communication during operation.
- Sanitization: The skill incorporates an 'Analyze Intent' phase and 'Quality Checks' for output specificity, though it does not explicitly define filters for adversarial text.
Audit Metadata