prompt-engineer
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: No hardcoded credentials, sensitive file paths, or unauthorized system access patterns were detected within the skill instructions or scripts.
- [EXTERNAL_DOWNLOADS]: The documentation provides installation procedures involving the author's GitHub repository and a utility package accessible via
npx. These resources are consistent with the provided author identity and represent standard distribution methods. - [PROMPT_INJECTION]: The skill processes untrusted user input to generate improved prompts, which inherently creates a surface for indirect prompt injection. However, the skill includes explicit 'magic mode' instructions and quality gates that enforce adherence to its internal frameworks and prevent the agent from deviating from its role.
- [SAFE]: A minor inconsistency exists between the internal testing suite (
evals/evals.json) and the operational instructions (SKILL.md) regarding the disclosure of the frameworks used. This is a functional best-practice violation and does not impact the security posture of the skill.
Audit Metadata