agent-prompt
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No malicious prompt injection or behavior override patterns detected. The skill contains examples of prompt instructions, but these are clearly marked as documentation or "anti-patterns" to avoid.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations. Use of tools is limited to read-only operations (Read, Grep, Glob) for documentation lookup.
- Obfuscation (SAFE): No evidence of Base64, zero-width characters, homoglyphs, or other obfuscation techniques.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not perform any package installations or remote code downloads. Links provided in the documentation point to legitimate platforms (Anthropic, OpenAI, Vercel) and are for reference purposes only.
- Indirect Prompt Injection (SAFE): While the skill ingests data from its own reference files, it does not interact with untrusted external data sources in a way that creates a high-risk injection surface. The capabilities are restricted to read-only tools.
- Metadata Poisoning (SAFE): Metadata is accurate and descriptive. While the documentation references future-dated or fictional AI models (e.g., Claude 4.5, GPT-5), this appears to be illustrative or forward-looking and does not present a security risk.
Audit Metadata