prompt-lab

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill does not contain instructions that attempt to bypass safety filters or override system constraints. It includes a 'When NOT to Use' section that advises pushing back on safety-critical tasks without human review and includes specific failure mode analysis to improve prompt robustness.
  • [REMOTE_CODE_EXECUTION]: No remote code execution patterns or external script downloads were detected. Code snippets included in 'references/output-constraints.md' and 'references/evaluation-metrics.md' are provided as documentation and example implementations for the user, not for execution by the agent.
  • [DATA_EXFILTRATION]: No network operations (e.g., curl, wget, fetch) or commands to access sensitive system files (e.g., SSH keys, AWS credentials) were found. The skill remains within the context of processing provided prompt text.
  • [COMMAND_EXECUTION]: The skill does not define or use any shell commands, subprocess calls, or operating system interactions.
  • [CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or other secrets were found. Placeholders used in code snippets (e.g., 'gpt-4') are standard configuration values.
  • [DATA_EXPOSURE]: The skill processes only the data explicitly provided by the user in the 'Current prompt' or 'Task description' fields and does not attempt to access unauthorized files or environment variables.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 08:51 PM