competition-prompt-injection
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill is purely instructional and serves as a guide for security analysis.
- [PROMPT_INJECTION]: No malicious bypasses or overrides were found. The skill's focus on prompt injection is analytical and directed at identifying vulnerabilities in external systems rather than bypassing its own agent guidelines.
- [DATA_EXFILTRATION]: No hardcoded secrets or network exfiltration patterns were detected. Mentions of exfiltration in the text relate to the security topics intended for analysis.
- [REMOTE_CODE_EXECUTION]: No executable code or dynamic execution capabilities are present in the skill files.
- [INDIRECT_PROMPT_INJECTION]: The skill outlines a methodology for handling untrusted data but lacks the tools or scripts necessary to be exploited by that data. Evidence Chain:
  1. Ingestion: User-supplied CTF payloads identified in SKILL.md.
  2. Boundaries: Explicitly mapped in workflow and checklist.
  3. Capabilities: None (no tool or script files provided).
  4. Sanitization: Manual review process specified in the workflow.