Skills
skills/pluginagentmarketplace/custom-plugin-ai-engineer/prompt-engineering/Gen Agent Trust Hub

prompt-engineering

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
Full Analysis
  • [Prompt Injection] (SAFE): No instructions attempting to override agent behavior or bypass safety guidelines were found. The troubleshooting section mentions safety triggers as a conceptual topic.
  • [Data Exposure & Exfiltration] (SAFE): No sensitive file paths, hardcoded credentials, or unauthorized network operations were detected. The OpenAI client initialization uses standard placeholders/default environment variable logic.
  • [Indirect Prompt Injection] (LOW): The skill provides templates that interpolate user-controlled data (e.g., {user_review}, {document}) directly into prompts. This pattern is a known vector for indirect injection in LLM applications; however, in this context, it is presented solely as an educational example for prompt design.
  • [Obfuscation] (SAFE): No encoded strings, homoglyphs, or hidden Unicode characters were identified.
  • [Unverifiable Dependencies & Remote Code Execution] (LOW): The code snippets reference the openai library, which is a standard industry package. No untrusted remote scripts or piped bash executions are present.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 12:34 PM