dspy-output-refinement-constraints
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill demonstrates processing external, untrusted data strings through LLM modules to perform summarization and extraction.
- Ingestion points: User-provided inputs like 'document', 'text', and 'question' are directly passed into DSPy modules across all workflow phases.
- Boundary markers: The provided templates do not use explicit delimiters (like XML tags or specific markers) to separate the untrusted data from the signature instructions.
- Capability inventory: The skill uses prediction and validation functions (dspy.Predict, dspy.Refine); the analyzed code snippets do not invoke dangerous system-level operations or external network requests beyond the LM provider.
- Sanitization: The skill relies on reward functions to validate output format and content, which improves reliability but does not sanitize the input against sophisticated adversarial instructions embedded in the processed text.
Audit Metadata