promptl
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [PROMPT_INJECTION] (SAFE): No patterns of instruction override, jailbreak attempts, or system prompt extraction were found. The text is purely instructional regarding syntax.
- [DATA_EXFILTRATION] (SAFE): There are no hardcoded credentials, sensitive file path references, or network-bound operations (curl, wget, etc.) in the document.
- [EXTERNAL_DOWNLOADS] (SAFE): No external dependencies, package managers, or remote script downloads are specified.
- [COMMAND_EXECUTION] (SAFE): The skill does not contain any shell commands, subprocess calls, or scripts that execute on the host system.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill defines how to handle external data via variables (e.g.,
{{ variable }}) and user messages. While this describes a potential attack surface for the language itself, the skill is a guide and does not process untrusted data directly. It includes documentation for boundary markers like<system>and<user>tags which are standard for mitigating injection.
Audit Metadata