prompt-engineering
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill provides numerous prompt templates that interpolate external data (e.g., `{user_query}` in `references/chain-of-thought.md`, `{input}` in `references/few-shot-learning.md`, and dynamic rendering in `references/prompt-templates.md`). This represents an attack surface where malicious user input could potentially attempt to override agent instructions.
- Ingestion Points: Files such as `references/chain-of-thought.md`, `references/few-shot-learning.md`, and `references/prompt-templates.md` define structures that accept arbitrary text variables.
- Boundary Markers: The skill explicitly recommends and demonstrates the use of XML delimiters (e.g., `<rules>`, `<context>`, `<output_format>`) to isolate instructions from data, which is a recognized best practice for mitigating injection.
- Capability Inventory: The skill logic includes LLM completion calls and tool-use patterns (ReAct), which are standard capabilities for agentic workflows.
- Sanitization: While the templates themselves do not perform runtime sanitization, the documentation includes a `ValidatedTemplate` class in `references/prompt-templates.md` that demonstrates how to implement type and choice validation for template variables.
Audit Metadata