prompt-leverage
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection by processing untrusted user input and incorporating it into executable instructions.
- Ingestion points: The workflow in SKILL.md and the scripts/augment_prompt.py script accept a 'raw prompt' from the user as primary input.
- Boundary markers: The script scripts/augment_prompt.py lacks robust delimiters (e.g., XML tags, triple backticks) when interpolating the user's prompt into the Objective block of the generated template. This allows a crafted input to 'break out' of the block and append or override instructions in subsequent sections like Work Style or Tool Rules.
- Capability inventory: The skill is designed to produce instructions for agents (like Codex) that typically have capabilities for code execution, file system access, or tool usage, increasing the impact of a successful injection.
- Sanitization: No sanitization, escaping, or character filtering is performed on the user-provided prompt before it is embedded into the final instruction set.
Audit Metadata