formative-assessment-loop-designer
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses a design that integrates untrusted user input into its system prompt instructions, creating a vulnerability surface for indirect prompt injection. However, the overall risk is minimal as the agent has no dangerous capabilities.
- Ingestion points: User-provided inputs such as
learning_objectiveandcurrent_assessment_approachare interpolated directly into the model's instructions inSKILL.md. - Boundary markers: The prompt template does not utilize delimiters (e.g., triple quotes or XML tags) or specific isolation instructions to prevent the model from following commands contained within user input.
- Capability inventory: Analysis of the skill reveals no access to sensitive tools, file system operations, network communication, or arbitrary command execution.
- Sanitization: There are no validation or sanitization mechanisms implemented to filter or escape the user-provided text before interpolation.
Audit Metadata