tone-matching
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill recommends prompt engineering patterns that are susceptible to indirect prompt injection. Untrusted user input is interpolated directly into system-level prompts.
- Ingestion points: The
messagevariable within thegenerateResponseprompt template and the few-shot examples inSKILL.md. - Boundary markers: Absent. User messages are placed directly after labels (e.g.,
Prospect's message: ${message}) without delimiters like XML tags or triple quotes that could help the model distinguish instructions from data. - Capability inventory: The templates primarily focus on text generation and tone selection; no dangerous capabilities like shell execution or network access are exposed through these specific templates.
- Sanitization: No sanitization, validation, or escaping logic is suggested for the input message before it is processed by the LLM.
Audit Metadata