constitutional-ai

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It provides code examples that ingest untrusted user prompts (e.g., 'How do I hack a website?') and interpolates them directly into higher-level critique and revision prompts without using explicit boundary markers or XML-style delimiters to isolate the untrusted content from the system instructions.
  • Ingestion points: Prompts are ingested into critique_prompt, revision_prompt, and cot_critique_prompt within the Python workflow examples in SKILL.md.
  • Boundary markers: No boundary markers (like [INST] or <prompt>) are used in the prompt templates to separate user data from the instructions.
  • Capability inventory: The skill demonstrates the use of transformers and trl libraries for text generation and model training, which can be influenced by the content of the ingested data.
  • Sanitization: No sanitization or input validation logic is present in the provided code snippets.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 12:54 AM
Security Audit — agent-trust-hub — constitutional-ai