dspy-labeled-few-shot
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides legitimate documentation and code examples for the DSPy library. All snippets demonstrate intended functionality for few-shot learning optimization without suspicious side effects.
- [CREDENTIALS_UNSAFE]: No actual API keys or secrets are included; the code uses generic placeholders for LM providers.
- [REMOTE_CODE_EXECUTION]: No remote code execution or unauthorized package installation patterns were detected.
- [PROMPT_INJECTION]: The skill demonstrates processing untrusted inputs (e.g., user messages, support tickets, git commits) through LLM signatures, which creates a surface for indirect prompt injection. This is an inherent property of the library's classification and formatting tasks. Evidence: Ingestion points include 'message' in SKILL.md and 'ticket'/'commit_message' in examples.md; explicit boundary markers are absent in the examples; capabilities are limited to LLM API calls and local file persistence (.save/.load); no input sanitization is demonstrated.
Audit Metadata