prompt-leverage
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it transforms user input into system-level instructions for AI agents.
  1. Ingestion points: Untrusted user prompts are ingested via the scripts/augment_prompt.py script.
  2. Boundary markers: The template generated in scripts/augment_prompt.py lacks robust delimiters or explicit warnings for the agent to ignore instructions embedded within the user data.
  3. Capability inventory: No dangerous subprocess, exec/eval, file-write, or network operations were detected in the skill's own scripts; the primary capability is the generation of instructions that influence the behavior of a downstream agent pipeline.
  4. Sanitization: The script performs whitespace normalization but does not implement content filtering or sanitization of the user prompt.
- [COMMAND_EXECUTION]: The skill utilizes a local Python script (scripts/augment_prompt.py) to process inputs and generate the upgraded prompt. This is a standard and safe use of a local script provided with the skill.
Audit Metadata