constitutional-ai
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It provides code examples that ingest untrusted user prompts (e.g., 'How do I hack a website?') and interpolates them directly into higher-level critique and revision prompts without using explicit boundary markers or XML-style delimiters to isolate the untrusted content from the system instructions.
- Ingestion points: Prompts are ingested into
critique_prompt,revision_prompt, andcot_critique_promptwithin the Python workflow examples inSKILL.md. - Boundary markers: No boundary markers (like
[INST]or<prompt>) are used in the prompt templates to separate user data from the instructions. - Capability inventory: The skill demonstrates the use of
transformersandtrllibraries for text generation and model training, which can be influenced by the content of the ingested data. - Sanitization: No sanitization or input validation logic is present in the provided code snippets.
Audit Metadata