prompt-engineer
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The reference materials in references/system-prompts.md and references/evaluation-frameworks.md contain explicit strings used for prompt injection attacks, including "Ignore all previous instructions" and "reveal your system prompt." These are intended for educational and defensive testing purposes.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to interpolate external user data into instructions and evaluation scripts.
  - Ingestion points: External data enters the agent context through template variables like {{review}}, {{document}}, and {input}.
  - Boundary markers: The skill documentation suggests using XML-style tags and instruction hierarchy as defensive delimiters.
  - Capability inventory: The reference files provide Python and TypeScript code examples for automated LLM calls, tool-using ReAct loops, and automated score aggregation.
  - Sanitization: Defensive strategies such as input sandboxing, canary tokens, and response validation are documented in the reference guides.
Audit Metadata