prompt-architecture
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a three-layer architecture for building prompts that interpolate dynamic user data into agent instructions, which establishes an attack surface for indirect prompt injection.
- Ingestion points: The implementation examples in SKILL.md (e.g., build_constrained_prompt and FewShotSelector) ingest a task or query parameter directly from untrusted sources into the generated message stream.
- Boundary markers: The documentation explicitly recommends using XML tags (e.g., <task>, <constraints>) to delimit section boundaries and reduce the risk of the model confusing data for instructions.
- Capability inventory: The skill's focus is on prompt assembly logic; no direct code execution or file-system writing capabilities are defined within the scripts, though it is designed to define tool-calling environments.
- Sanitization: The skill recommends best practices such as validation gates, output schema enforcement, and testing with adversarial inputs to verify instruction adherence.
Audit Metadata