prompt-engineering-patterns
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill's core functionality involves building prompts by interpolating untrusted external data, creating a significant Indirect Prompt Injection surface.
  * Ingestion points: User data enters via variables like {query}, {user_question}, and {retrieved_context} across all files.
  * Boundary markers: Missing. The templates do not use secure delimiters to isolate untrusted content.
  * Capability inventory: The examples specifically target high-risk operations, including SQL generation (SKILL.md) and automated code debugging (references/chain-of-thought.md).
  * Sanitization: None. The skill lacks logic to escape or validate external content before interpolation.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Code snippets reference a non-standard and unverifiable package 'prompt_optimizer'. Without the source code for this package, its security implications cannot be assessed.
Recommendations
- AI detected serious security threats
Audit Metadata