Skills
skills/repo-phuocdt/prompt-engineer-skill/prompt-engineer/Gen Agent Trust Hub

prompt-engineer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Data Exposure & Exfiltration (SAFE): No sensitive file access or network communication was found. The installer script (cli.js) only interacts with the local file system to place skill files in the standard ~/.claude/skills/ directory.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): The package.json contains no external dependencies. The installation script uses standard Node.js built-in modules (fs, path, os) and does not use eval() or exec() for dynamic code execution.
  • Prompt Injection (SAFE): The instructions in SKILL.md define an expert persona and workflow without including markers that attempt to bypass AI safety filters or override system instructions.
  • Indirect Prompt Injection (SAFE): While the skill is designed to process untrusted user input (rough prompts), it does not define any tools or capabilities (such as code execution or network requests) that could be exploited through malicious data ingestion.
  • Persistence Mechanisms (SAFE): The installer script provides a straightforward way to add or remove files from the local skills directory as part of the intended installation process, without modifying system startup or shell profiles.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:32 PM