grey-haven-prompt-engineering
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is designed to ingest and refactor external, untrusted content (user prompts), which is a primary vector for indirect prompt injection.
- Ingestion points: User input provided for optimization or 'refactoring' according to the skill's instructions in SKILL.md.
- Boundary markers: The documentation includes Principle 8 (Use delimiters), which serves as a basic but bypassable boundary marker.
- Capability inventory: The skill requires powerful file system tools ('Write', 'TodoWrite', 'Read', 'Glob', 'Grep'), creating a dangerous combination when handling untrusted input.
- Sanitization: There are no technical sanitization or validation steps for user-provided prompts before they are processed by tools.
- [COMMAND_EXECUTION] (LOW): The documentation suggests local terminal commands ('cat') for viewing local files, which is a standard and low-risk operation for documentation access.
Recommendations
- AI detected serious security threats
Audit Metadata