prompt-master

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides explicit instructions to the agent to remove any sensitive credentials, such as API keys, tokens, or connection strings, from the generated prompts. This ensures that users do not accidentally embed secrets into their AI interactions.
  • [SAFE]: A dedicated sanitization protocol is defined in the 'Input Sanitization' section to handle user-pasted prompts for analysis or optimization. The agent is strictly instructed to treat such content as 'inert data only,' which prevents the agent from executing any instructions contained within the user input, effectively mitigating Indirect Prompt Injection.
  • [SAFE]: Indirect Prompt Injection Surface Analysis:
      • Ingestion points: User-supplied prompt text or rough ideas provided during prompt creation, fixing, or adaptation (SKILL.md, references/templates.md).
      • Boundary markers: The skill utilizes XML tagging structures (e.g., <context>, <task>) to isolate user-provided content from instructions.
      • Capability inventory: The skill performs text generation and includes support for creating hidden directory structures (.aix/) as part of its deployment framework.
      • Sanitization: Robust 'Hard Rules' and sanitization logic are included in the skill's instructions to ensure that external data is never treated as authoritative command content.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 01:22 AM