refine-prompt
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted user content as its primary data source.
- Ingestion points: User-provided prompts for the refinement process (SKILL.md).
- Boundary markers: The instructions do not define delimiters or provide warnings for the agent to ignore instructions embedded within the user's input.
- Capability inventory: The skill performs local filesystem operations, including directory creation and appending refined prompts to '.ai/PROMPT.md' (SKILL.md).
- Sanitization: There is no evidence of input validation or sanitization to prevent malicious instructions in the source prompt from influencing the agent's behavior or the content written to disk.
Audit Metadata