NYC

prompt-engineer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, NO_CODE
Full Analysis
  • Prompt Injection (SAFE): The instructions follow standard role-play and task-definition patterns without attempting to bypass safety filters or override system-level instructions.
  • Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive system paths, or network operations (curl, wget, etc.) are present in the skill.
  • Unverifiable Dependencies & RCE (SAFE): The skill does not include any package manifests (package.json, requirements.txt) or instructions to download and execute remote code.
  • Indirect Prompt Injection (LOW): The skill's primary function is to analyze existing code and templates (e.g., in packages/models/content/). This is a known attack surface where malicious data in the codebase could attempt to influence the agent. However, as no automated execution capabilities are defined in the skill itself, the risk is minimal and restricted to the conversational context.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:36 PM