ultra-prompt

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the repository being audited (source code, documentation, and user requests) to generate its output, creating a surface for indirect prompt injection.
  • Ingestion points: Ingests repository content in SKILL.md (Workflow Step 2) and reference/AUDIT_AGENTS.md (Agent 2 and 3).
  • Boundary markers: The audit phase lacks explicit delimiters for untrusted content, though the final output follows a structured template in reference/PROMPT_TEMPLATE.md.
  • Capability inventory: The skill requires filesystem read access to perform audits and can spawn subagents to process findings.
  • Sanitization: The skill includes a 'Correctness gate' in reference/OUTPUT_SCHEMA.md to verify that findings are grounded in the repository and match the original user intent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 01:27 PM
Security Audit — agent-trust-hub — ultra-prompt