ai-engineering-toolkit

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The 'Agent Safety Guard' workflow is designed to generate adversarial test prompts and attack payloads (e.g., prompt injection, SQL injection, and command injection) for red-teaming and security auditing. While intended for authorized testing and educational purposes, it involves the intentional creation of offensive content.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface when processing external data. (1) Ingestion points: 'Skill 1: Prompt Evaluator' and 'Skill 4: Agent Safety Guard' take untrusted system prompts and RAG documents as input for analysis. (2) Boundary markers: The skill does not define explicit delimiters or 'ignore' instructions for the ingested content. (3) Capability inventory: The workflows are focused on analysis and advisory tasks within the agent's context and do not perform file writes or network operations. (4) Sanitization: There is no evidence of input validation or escaping for the processed data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 01:36 PM