NYC

prompt-engineering-patterns

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (MEDIUM): The skill provides integration patterns for RAG and template systems that are vulnerable to injection attacks.
  • Ingestion points: Untrusted data enters via variables such as {retrieved_context}, {user_question}, and {query} in SKILL.md (Integration Patterns and Quick Start sections).
  • Boundary markers: Absent. The templates use simple string interpolation (f-strings) without delimiters or 'ignore embedded instructions' headers, which can lead the model to follow instructions hidden in the retrieved context.
  • Capability inventory: The skill references a local execution capability via scripts/optimize-prompt.py and the prompt_optimizer library.
  • Sanitization: No evidence of sanitization or validation for the interpolated strings is provided in the examples.
  • Unverifiable Dependencies (MEDIUM): The code snippets rely on a non-standard library prompt_optimizer and reference a local script scripts/optimize-prompt.py. If these are not vetted, they represent a risk of executing unverified logic during prompt construction or optimization.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 10:54 AM