prompt-structurer
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references external URLs in the
references/web-resource-index.mdfile for background rationale and documentation. Most sources are well-known technology and design documentation sites (e.g., Anthropic, Microsoft, PromptingGuide.ai, and NN/g), while one reference points to a third-party community repository onskills.sh. These resources are fetched only for informational purposes and are not executed as code. - [PROMPT_INJECTION]: The skill processes untrusted input in the form of
PROMPT_TEXT, creating a surface for potential indirect prompt injection. - Ingestion points: The
PROMPT_TEXTinput field defined inSKILL.mdis the primary source of untrusted data. - Boundary markers: The instructions do not define explicit delimiters or instructions to encapsulate the content of
PROMPT_TEXTto prevent it from being interpreted as instructions by the subagents. - Capability inventory: The skill can perform network fetches (restricted to a predefined list of URLs), read local skill files, and generate structured text outputs; it lacks shell execution or broad file system write capabilities.
- Sanitization: No explicit sanitization, filtering, or escaping is applied to the input text before it is analyzed by the subagent pipeline.
Audit Metadata