andrew-ng

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE

PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill advocates for an "Agentic Workflow Iteration" framework that involves performing web research to fetch external context. This ingestion of untrusted data from the web represents a surface for indirect prompt injection, where malicious instructions contained in retrieved content could attempt to subvert the agent's logic.
  • Ingestion points: SKILL.md (Applying the frameworks), AGENTS.md (Frameworks to apply), and references/frameworks.md.
  • Boundary markers: The skill does not explicitly instruct the agent to use delimiters or "ignore embedded instructions" warnings when processing the retrieved web context.
  • Capability inventory: The framework assumes the agent has the capability to perform web searches and retrieve page content.
  • Sanitization: No sanitization, escaping, or filtering of external content is specified before interpolation into the prompt.
  • [SAFE]: The skill's development workspace and references contain data retrieved from highly reputable sources, including Stanford University, Google Scholar, DeepLearning.AI, and Coursera. These references are used appropriately to ground the agent's persona and reasoning in Andrew Ng's public teachings.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 10:46 AM