skills/jacehwang/skills/prompt-doctor/Gen Agent Trust Hub

prompt-doctor

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to process untrusted prompt text. It proactively addresses indirect prompt injection risks by instructing the agent to wrap user content in explicit delimiters and maintain a strict instruction hierarchy (system > developer > user) to ensure data is not interpreted as commands.
  • [DATA_EXFILTRATION]: No network operations or hardcoded secrets were found. Access to the local file system via tools like Read and Write is strictly governed by instructions that require explicit user requests before execution.
  • [NO_CODE]: The skill consists entirely of markdown-based instructions and logic for the agent. It does not include, download, or execute any external scripts, binaries, or software packages.
  • [SAFE]: The skill follows security best practices for prompt engineering by including a 'Security Hardening' section. This section provides specific rules for the agent to protect its own system prompt and to treat external inputs from files or tools as untrusted data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 04:28 PM