refine-prompt
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates user-provided requests ($ARGUMENTS) directly into its instructions to generate refined prompts.
  - Ingestion points: Untrusted data enters via the $ARGUMENTS variable.
  - Boundary markers: The skill lacks delimiters or explicit instructions to the agent to ignore any embedded commands within the user input.
  - Capability inventory: The skill possesses the ability to create directories (mkdir), read files, write files, and perform globbing.
  - Sanitization: No validation or filtering is applied to the input before it is used to influence the agent's behavior.
- [COMMAND_EXECUTION]: The skill executes the 'mkdir' command using the Bash tool. While this is a form of command execution, the risk is mitigated by the tool restriction in the YAML configuration, which limits the Bash tool to directory creation only.
Audit Metadata