prompt-engineering-suite

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill exposes a significant injection surface by interpolating untrusted data directly into prompt templates. Evidence: (1) Ingestion: User inputs enter via 'problem' in scripts/cot-template.py and 'input' in references/few-shot-patterns.md. (2) Boundaries: Absent. Templates use raw string interpolation without delimiters separating instructions from data. (3) Capability: Supports 'ReAct' tool use and external network calls via AsyncOpenAI, so injected instructions can reach tools and the network. (4) Sanitization: No escaping or validation of external content is implemented.
  • Unverifiable Dependencies (MEDIUM): The skill utilizes and recommends multiple packages from untrusted organizations, including langfuse, dspy-ai, faiss-cpu, and scipy.
  • Data Exposure (LOW): Configures telemetry to a non-whitelisted domain (cloud.langfuse.com) for prompt versioning and observability.
  • Credential Exposure (INFO): Contains placeholder API keys (pk-..., sk-...) in documentation files which are non-functional.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:20 AM