prompt-engineer
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: The skill consists entirely of markdown documentation and code templates. No malicious instructions or suspicious behaviors were detected across all six files.
- [NO_CODE]: The skill provides educational code snippets (Python and TypeScript) and YAML configurations, but it does not include any executable scripts or binaries that run automatically in the agent's environment.
- [DATA_EXPOSURE]: No hardcoded secrets or sensitive file paths were found. All credentials in example code are represented by placeholders (e.g., {{ secrets.ANTHROPIC_API_KEY }}) or generic variable names.
- [PROMPT_INJECTION]: The skill body contains no bypass instructions. Instead, it provides proactive security guidance, including sections on prompt injection defense, canary tokens, and input sandboxing.
- [REMOTE_CODE_EXECUTION]: While the skill contains code examples for calling LLM APIs, it does not perform any unauthorized remote code execution or download scripts from untrusted sources.