agent-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (LOW): The implementations are susceptible to Indirect Prompt Injection (Category 8) across all languages.
- Ingestion points: User-controlled data is accepted through context dictionaries and goal parameters (e.g.,
initial_contextintemplates/python/prompt_chaining.py). - Boundary markers: The templates do not utilize XML tags, delimiters, or explicit isolation instructions to separate user data from system instructions.
- Capability inventory: The patterns involve multi-step LLM reasoning and dynamic task decomposition, which can be hijacked if the input contains malicious instructions.
- Sanitization: There is no evidence of input escaping or validation before data is interpolated into prompt templates.
- EXTERNAL_DOWNLOADS (SAFE): The skill suggests installing dependencies from Anthropic (a trusted organization) for various language SDKs. Per the [TRUST-SCOPE-RULE], these references are considered safe.
Audit Metadata