prompt-engineer
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [SAFE]: The skill's behavior is consistent with its stated purpose of assisting with prompt engineering. No malicious code or exfiltration patterns were found.
- [SAFE]: References the author's official GitHub repository in the metadata.
- [NO_CODE]: The skill contains only markdown instructions and configuration metadata, with no executable scripts or external code dependencies.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface: The skill is instructed to analyze and review prompt templates from the local filesystem (e.g.,
packages/models/content/prompt*.ts). This creates a path for untrusted instructions within those files to influence the agent. 1. Ingestion points: Files matchingpackages/models/content/prompt*.tsand other prompt templates. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present. 3. Capability inventory: No dangerous capabilities such as network access, system modification, or command execution are requested. 4. Sanitization: No sanitization or validation of the ingested template content is specified.
Audit Metadata