Meta Prompt
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): High risk of Indirect Prompt Injection (Category 8). The skill is designed to ingest and process user-provided strings to generate or optimize instructions.
- Ingestion points: User input enters the context through placeholders like [prompt], [task], and [your repeated prompt] within the SKILL.md templates.
- Boundary markers: Absent. There are no delimiters or 'ignore embedded instruction' warnings to prevent the model from executing commands contained within the user input.
- Capability inventory: The skill's YAML frontmatter explicitly allows the 'Edit' tool, which could be abused to modify the codebase or inject malicious skills if triggered by a poisoned input prompt.
- Sanitization: The skill lacks any logic to sanitize, escape, or validate the content of the processed prompts.
Recommendations
- AI detected serious security threats