prompt-engineer

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION | NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external prompt text during analysis, which represents a potential surface for indirect prompt injection. However, the skill explicitly addresses this risk in its instructions and reference documents (references/hardening-checklist.md), recommending the use of XML delimiters and instruction hierarchy to isolate untrusted input.
  • [COMMAND_EXECUTION]: The skill supports reading local files for prompt analysis and conversion. This file access is limited to paths provided by the user and is standard for the skill's diagnostic functions. No unauthorized file access or malicious command execution patterns were found.
  • [SAFE]: No signs of obfuscation, hardcoded credentials, or unauthorized data exfiltration were detected across the 16 analyzed files. The skill is documented as an informational and engineering resource.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 04:51 PM