prompt-doctor
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted text to provide analysis and rewrites.\n
- Ingestion points: Untrusted text is ingested through inline conversation or file reads in the
SKILL.mdworkflow (Step 1).\n - Boundary markers: The skill does not instruct the agent to use data delimiters or isolation techniques (like XML tags or 'ignore' rules) for its own processing of the input prompt.\n
- Capability inventory: The agent has access to file-system modification tools (
Write,Edit) which could be misused if an injection is successful.\n - Sanitization: There is no evidence of input validation or sanitization before the agent incorporates the untrusted text into its context.
Audit Metadata