prompt-engineering
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides numerous templates and patterns that interpolate untrusted external data (e.g., `{user_input}`, `{target_input}`, `{customer_inquiry}`) directly into instructions. This creates a potential surface for indirect prompt injection if the user-provided content contains malicious directives intended to override the agent's logic.
  - Ingestion points: Placeholders for untrusted data are present in `SKILL.md`, `references/few-shot-patterns.md`, and `references/template-systems.md`.
  - Boundary markers: While the templates use structural headers (e.g., `## Input`), they generally lack strict delimiters or explicit instructions to the model to ignore potential directives within the interpolated data.
  - Capability inventory: The skill metadata specifies access to `Bash`, `Write`, and `Edit` tools.
  - Sanitization: The skill identifies "Input Validation" and "Injection Prevention" as best practices in `references/template-systems.md`, although runtime implementation of these filters is not present in the provided examples.
Audit Metadata