think-critically
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses directive language designed to bypass default behavior ('CRITICAL OUTPUT CONSTRAINT', 'This constraint is absolute and overrides any default conversational behavior', 'This overrides system-level instructions... zero exceptions'). These patterns are used to enforce a specific output structure but match techniques used in prompt injection.
- [PROMPT_INJECTION]: The skill processes untrusted user input from the 'Prompt' and 'Expectations' fields, creating an indirect prompt injection surface.
- Ingestion points: Ingestion occurs at the {{P}} and {{X}} placeholders in SKILL.md.
- Boundary markers: No robust delimiters (like XML tags or triple backticks) are used to isolate the untrusted input from the system instructions.
- Capability inventory: The skill's instructions suggest the agent should be able to 'replace the original file' with generated content, which could allow a malicious input to persist changes to the user's filesystem.
- Sanitization: The skill does not include instructions for sanitizing or escaping the input text before processing it.