prompt-engineer
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection (Category 8) because its core function is processing user-supplied data within LLM prompts.
  - Ingestion points: Untrusted data is interpolated into prompt templates via variables such as {user_input}, {user_question}, and {user_message} in SKILL.md.
  - Boundary markers: The documentation identifies XML tags and delimiters as a defense mechanism, but the skill does not programmatically enforce these boundaries.
  - Capability inventory: The skill is equipped with highly permissive tools, including run_command, edit_file, and rewrite_file.
  - Sanitization: There is no evidence of automated sanitization, escaping, or validation of the input data before it is processed by the agent or used in command execution.
- [COMMAND_EXECUTION]: The skill defines the use of run_command for running evaluation and test scripts. This is a significant capability that could be exploited if an attacker successfully injects malicious commands through the indirect prompt injection vectors described above.
Audit Metadata