prompt-engineering
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines various prompt templates across several files that ingest untrusted user data via variables like {user_input} or {source_text}. These templates create a surface for indirect prompt injection because they lack explicit instructions to the model to ignore instructions embedded within the variables.
- Ingestion points: Untrusted data enters via variables in SKILL.md and multiple reference files in the references/ directory.
- Boundary markers: While some templates use structural headers, they do not consistently include directives to disregard instructions inside the variable content.
- Capability inventory: The skill allows tools such as Bash, Write, and Edit, which increases the potential impact if an injection occurs.
- Sanitization: There is no evidence of sanitization or validation of the untrusted input before it is interpolated into the prompts.
Audit Metadata