karpathy-output-evolution
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data (e.g.,
<RAW_CONTENT>,[DATA],[YOUR CONTENT REQUEST]) by interpolating it directly into prompt templates without using boundary markers (like XML tags or triple quotes) or 'ignore' instructions. - Ingestion points: Multiple templates in
SKILL.mdingest raw text, data, and research notes. - Boundary markers: Absent; data is placed directly after instructional headers.
- Capability inventory: The skill instructs the agent to generate browser-executable code (HTML/JavaScript) and slideshow formats (Marp).
- Sanitization: No validation or escaping is performed on the ingested content. A malicious payload within the processed data could hijack the agent's instructions to generate malicious scripts (Cross-Site Scripting) or exfiltrate the data used in the prompt.
Audit Metadata