tutor-setup

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to install system utilities using standard package managers (brew install poppler or apt-get install poppler-utils).
  • [COMMAND_EXECUTION]: Uses the Bash tool to execute pdftotext for PDF processing. The command writes output to /tmp/source.txt, which is a system-wide directory outside the skill's stated 'CWD Boundary Rule'.
  • [EXTERNAL_DOWNLOADS]: Fetches and installs software packages from well-known system registries during setup.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from untrusted source documents and code.
  • Ingestion points: Reads files via Read and Glob; fetches web content via WebFetch; converts PDFs via pdftotext (Bash).
  • Boundary markers: Includes a rule to restrict file operations to the current working directory, but lacks delimiters or instructions to ignore embedded agent commands within the ingested content.
  • Capability inventory: The agent has access to Bash, Write, Edit, and WebFetch tools, providing a path for potential exploitation of injected instructions.
  • Sanitization: There is no description of input validation or content filtering to prevent the processing of malicious prompts embedded in source materials.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 10, 2026, 09:46 AM