promptify
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted user input and transforms it into a refined prompt which the agent is then encouraged to 'Execute' as a 'new instruction'. This creates a path for a malicious user to escalate their request into system-level directives.
- Ingestion points: User requests processed through the 'promptify' workflow in
SKILL.md. - Boundary markers: Absent; the workflow lacks delimiters or explicit warnings to the agent to disregard instructions embedded within the user's data during the rewriting or execution phase.
- Capability inventory: Includes instructions for the agent to write generated content to the local filesystem (
promptify-<timestamp>.md) and to adopt the generated output as its primary operating instruction set. - Sanitization: Absent; the skill does not include any validation or filtering logic to identify or neutralize malicious payloads within user input before it is refined.
Audit Metadata