karpathy-output-evolution

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data (e.g., <RAW_CONTENT>, [DATA], [YOUR CONTENT REQUEST]) by interpolating it directly into prompt templates without using boundary markers (like XML tags or triple quotes) or 'ignore' instructions.
  • Ingestion points: Multiple templates in SKILL.md ingest raw text, data, and research notes.
  • Boundary markers: Absent; data is placed directly after instructional headers.
  • Capability inventory: The skill instructs the agent to generate browser-executable code (HTML/JavaScript) and slideshow formats (Marp).
  • Sanitization: No validation or escaping is performed on the ingested content. A malicious payload within the processed data could hijack the agent's instructions to generate malicious scripts (Cross-Site Scripting) or exfiltrate the data used in the prompt.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 02:12 AM