contextualisation-skill-builder
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted user data via several input fields and interpolates it directly into the AI's generation prompt. This surface could allow a user to attempt to override the skill's intended behavior by providing instructional commands instead of historical data.
  - Ingestion points: SKILL.md input_schema (historical_topic, student_level, current_challenge, background_knowledge, etc.).
  - Boundary markers: Absent. The prompt template does not use delimiters (like triple backticks or XML tags) to wrap the variable placeholders or include instructions to treat input as data only.
  - Capability inventory: The skill does not explicitly request dangerous tools, but it has model invocation enabled and generates structured instructional content which could be influenced by malicious input.
  - Sanitization: No validation, escaping, or filtering is applied to the user-provided inputs before they are processed by the model.