skills/htlin222/dotfiles/ai-engineer/Gen Agent Trust Hub

ai-engineer

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Finding: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements logic that is susceptible to indirect prompt injection by interpolating untrusted data directly into LLM prompts.
  • Ingestion points: The extract_structured function in SKILL.md accepts external text and schema parameters, and the rag_query function in SKILL.md accepts external question and context (retrieved from a vector store) parameters.
  • Boundary markers: The implementations use raw f-strings (e.g., f"Context:\n{context}\n\nQuestion: {question}") without delimiters, XML tags, or instructions to ignore embedded commands.
  • Capability inventory: The skill logic includes capabilities to interact with LLM APIs (Anthropic) and Vector Databases (Qdrant).
  • Sanitization: No sanitization, validation, or escaping of the input variables is performed before they are processed by the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 09:31 PM