Skills
skills/garethmanning/claude-education-skills/competency-framework-translator/Gen Agent Trust Hub

competency-framework-translator

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates user-supplied framework descriptors and context directly into the instruction prompt without isolation.
  • Ingestion points: The skill ingests untrusted data through the framework_reference, target_context, and framework_text variables in SKILL.md.
  • Boundary markers: There are no delimiters or markers (e.g., XML tags or triple quotes) used to separate the external data from the skill's instructions.
  • Capability inventory: The skill itself does not define tool access, but the agent's underlying capabilities could be manipulated by instructions embedded in the external text.
  • Sanitization: The prompt contains no instructions to ignore or sanitize embedded commands within the processed inputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 10:54 PM