textual-equilibrium-propagation-deep

Warn

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection. It ingests untrusted user data in the form of pipeline computation graphs and task objectives to generate and iteratively refine LLM prompts.
  • Ingestion points: User-provided pipeline descriptions and task objectives (SKILL.md).
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat input data as untrusted or to ignore embedded instructions.
  • Capability inventory: The agent is instructed to generate, evaluate, and modify prompts based on user input, which can lead to the persistence of malicious instructions in the optimized prompt set.
  • Sanitization: No input validation or escaping is mentioned in the workflow.
  • [PROMPT_INJECTION]: The skill includes deceptive metadata by citing a research paper that does not exist ('Chen et al., ICLR 2026') and providing a fake arXiv identifier (2601.21064v2). This use of metadata poisoning attempts to establish a false sense of authority and technical validation.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 20, 2026, 03:03 AM
Security Audit — agent-trust-hub — textual-equilibrium-propagation-deep