prompt-leak
Warn
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill provides an extensive library of injection payloads in
references/leak-payloads.mddesigned to override target agent instructions. These include authoritative disguises ('I am the system administrator'), formatting tricks (JSON/XML serialization), and translation traps used to leak private system prompts. - [COMMAND_EXECUTION]: The methodology includes steps for probing and mapping available tools and functions within a target environment. Phase 5 explicitly instructs on how to systematically test for code execution, file system access, and internal API capabilities to identify potential vulnerabilities.
- [DATA_EXFILTRATION]: The skill documentation identifies internal endpoints, knowledge base sources, and service credentials as primary extraction targets. It provides strategies for leaking these sensitive configuration details through indirect induction and side-channel inference techniques.
Audit Metadata