ai-scoring

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted input data such as student project submissions, essays, and support transcripts, which creates a surface for indirect prompt injection.
      • Ingestion points: Data enters through fields like 'submission' in SKILL.md and 'code' or 'conversation' in examples.md.
      • Boundary markers: No specific delimiters or safety instructions are used to differentiate the untrusted input data from the evaluation prompt logic.
      • Capability inventory: The scoring logic defined across SKILL.md and examples.md is strictly limited to generating scores and justifications; there are no subprocess calls, file-writing operations, or network exfiltration steps using this data.
      • Sanitization: External content is interpolated directly into the evaluation prompts without prior sanitization or validation routines.
  • [EXTERNAL_DOWNLOADS]: The instructions include a command to install an auxiliary skill from the same author ('lebsral') via 'npx skills add lebsral/DSPy-Programming-not-prompting-LMs-skills --skill ai-do'.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 04:32 PM
Security Audit — agent-trust-hub — ai-scoring