prompt-engineering-research
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The Python functions provided in the skill (e.g., create_research_prompt, screen_paper_relevance) are designed to interpolate external data like paper excerpts and abstracts directly into LLM prompts using string formatting. This creates a potential vector where instructions hidden within research materials could influence the agent. However, the risk is minimal as the skill lacks any dangerous capabilities such as network access, file system modification, or command execution.
- Ingestion points: 'text' parameter in create_research_prompt and methodology_critique, 'data' in research_cot_prompt, and 'abstract' in screen_paper_relevance.
- Boundary markers: None are used in the provided templates to separate user data from instructions.
- Capability inventory: No tools or scripts performing network operations, file writes, or subprocess execution are present.
- Sanitization: No sanitization or escaping of input data is performed within the provided Python snippets.
Audit Metadata