prompt-engineering

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill utilizes extensive template systems (documented in references/few-shot-patterns.md and references/template-systems.md) that interpolate untrusted external data using placeholders like {user_input} and {inquiry_text}. This architectural pattern represents an indirect prompt injection surface where malicious instructions in input data could influence agent logic.
      • Ingestion points: Multiple templates in references/few-shot-patterns.md and references/template-systems.md accept external strings.
      • Boundary markers: Most templates use clear markdown headers (e.g., ## Input) and delimiters, which provide some structure but do not fully prevent adversarial injection.
      • Capability inventory: The skill specifies Read, Write, Edit, Glob, Grep, and Bash as allowed tools in SKILL.md.
      • Sanitization: No explicit sanitization logic for variable interpolation is provided in the documentation.
  • [COMMAND_EXECUTION]: In references/optimization-frameworks.md and references/template-systems.md, the skill provides Python code snippets for performance measurement and template processing. An agent utilizing this skill might generate and execute these scripts via the Bash tool to perform the described optimization workflows. These operations are aligned with the skill's primary purpose of prompt development and optimization.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 07:09 AM