add-exercises
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to override system safety guidelines or extract system prompts. The instructions are strictly limited to the task of updating the exercise database.
- Data Exposure & Exfiltration (SAFE): The skill interacts with a local source file src/data/popularExercises.ts. No access to sensitive files (like .env or SSH keys) or network exfiltration patterns were detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill uses local commands grep and pnpm type-check. It does not download or execute scripts from remote or untrusted sources.
- Indirect Prompt Injection (LOW):
  - Ingestion points: User input triggers such as "add exercise" or "new exercise".
  - Boundary markers: Absent. The skill does not explicitly instruct the agent to ignore embedded instructions in exercise names.
  - Capability inventory: File system write (src/data/popularExercises.ts) and command execution (pnpm type-check).
  - Sanitization: Absent. The skill relies on the agent correctly formatting the TypeScript object based on user-provided strings. While a user could attempt to provide a name containing code, the rigid schema and the subsequent type-check provide basic guardrails.
Audit Metadata