skill-prd
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill includes explicit instructions at the beginning of the file ("STOP
- SKILL ALREADY LOADED", "DO NOT call Skill() again", "DO NOT load any more skills") that attempt to override the agent's default loading procedures and execution environment constraints.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface.
- Ingestion points: Untrusted data enters the agent context through user responses in Phase 0 and external web search results in Phase 1.
- Boundary markers: The instructions lack delimiters or specific warnings to ignore or sanitize embedded instructions within the ingested data.
- Capability inventory: The skill possesses the ability to write to the local file system (Phase 4).
- Sanitization: There is no evidence of content validation or escaping of external inputs before they are processed and saved to a file.
Audit Metadata