textual-equilibrium-propagation-deep
Warn
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection. It ingests untrusted user data in the form of pipeline computation graphs and task objectives to generate and iteratively refine LLM prompts.
- Ingestion points: User-provided pipeline descriptions and task objectives (SKILL.md).
- Boundary markers: No explicit delimiters or instructions are provided to the agent to treat input data as untrusted or to ignore embedded instructions.
- Capability inventory: The agent is instructed to generate, evaluate, and modify prompts based on user input, which can lead to the persistence of malicious instructions in the optimized prompt set.
- Sanitization: No input validation or escaping is mentioned in the workflow.
- [PROMPT_INJECTION]: The skill includes deceptive metadata by citing a research paper that does not exist ('Chen et al., ICLR 2026') and providing a fake arXiv identifier (2601.21064v2). This use of metadata poisoning attempts to establish a false sense of authority and technical validation.
Audit Metadata