prompt-engineering

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a framework for building prompts by interpolating variables, which creates a surface for indirect prompt injection if user-controlled data is used without care.
      • Ingestion points: Found in references/template-systems.md within the render method of the TemplateEngine and in various templates in references/few-shot-patterns.md (e.g., {input_text}, {inquiry_text}).
      • Boundary markers: The skill's design guidelines in references/system-prompt-design.md suggest using XML tags (<tag>), markdown headers (###), and thinking blocks (<thinking>) to delimit data from instructions.
      • Capability inventory: The skill has access to Read, Write, Edit, Glob, Grep, and Bash tools.
      • Sanitization: The documentation in references/template-systems.md specifically identifies 'Input Validation: Sanitize all template variables' as a best practice to prevent injection.
  • [COMMAND_EXECUTION]: Several files contain Python utility scripts for dynamic template rendering and performance analysis.
      • Evidence: references/template-systems.md provides a TemplateEngine class for runtime string interpolation and conditional logic. references/optimization-frameworks.md includes scripts for calculating success rates, token efficiency, and statistical significance using NumPy and SciPy libraries.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 11:31 PM