prompt-templating
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE (PROMPT_INJECTION, NO_CODE)
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to build prompts by interpolating data from untrusted sources, which creates a surface for indirect prompt injection.
  - Ingestion points: The skill gathers data from user messages, template files (e.g., templates/code-review.txt), and external file contents retrieved via the Read tool.
  - Boundary markers: The templates do not utilize structural delimiters (such as XML tags) to separate interpolated data from system instructions, making it possible for data to be misinterpreted as commands.
  - Capability inventory: The agent using this skill has access to Read, Write, Edit, and Grep tools, which could be misused if a malicious instruction is successfully injected.
  - Sanitization: While the SKILL.md file advises the agent to sanitize input, there is no programmatic enforcement of this practice within the skill's static files.
- [NO_CODE]: The skill consists entirely of markdown documentation, instructional text, and template files. It does not include any executable scripts, binaries, or external package dependencies.
Audit Metadata