tutor
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [SAFE]: The skill aligns with its stated purpose of interactive learning and follows the principle of least privilege by restricting operations to the user's workspace.
- [COMMAND_EXECUTION]: File system interactions are limited to globbing for the StudyVault directory and reading/writing markdown files for tracking study metrics. No arbitrary shell commands or system-level modifications are present.
- [DATA_EXFILTRATION]: The skill does not utilize network protocols or external APIs; all data processing and storage are confined to the local filesystem.
- [PROMPT_INJECTION]: The skill reads user-provided markdown files to generate quiz content. While this creates a surface for indirect prompt injection, the risk is safe because the ingestion point (StudyVault markdown files) is local content, and the skill's capabilities (Capability Inventory) are limited to local file updates and structured quiz output. There are no boundary markers or specific sanitization steps documented for this data ingestion.
Audit Metadata