improve-prompt
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from multiple sources (user input, local files, and conversation history) to 'improve' it. While the instructions include a 'CRITICAL: Disambiguation Warning' to prevent the agent from executing input data, a sophisticated prompt could still attempt to influence the reasoning or behavior of the spawned subagent.
  - Ingestion points: User-provided strings, files read via path, and conversation history context are used as input.
  - Boundary markers: The skill uses instructional text to separate data from instructions, but lacks structural or cryptographic delimiters for the interpolated content.
  - Capability inventory: The skill uses Read, Write, and Task (subagent spawning) tools.
  - Sanitization: There is no evidence of sanitization or escaping of the input prompt before it is passed to the subagent sub-process.
- [DATA_EXFILTRATION]: The skill's 'file path' input mode allows the agent to read arbitrary files from the local filesystem. This could lead to the exposure of sensitive data, such as environment variables, SSH keys, or configuration files, if the user or a malicious prompt directs the agent to a sensitive path for 'improvement'.
Audit Metadata