learn
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the pdftotext utility via bash commands to extract text from user-provided PDF documents for teaching purposes (found in SKILL.md, Phase 3).
- [EXTERNAL_DOWNLOADS]: The skill employs WebFetch to retrieve content from external URLs when the user requests to 'Study from source' or provides a URL (found in SKILL.md, Phase 2 & 3).
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to ingest and process untrusted data from external sources.
  - Ingestion points: The skill reads external URLs (WebFetch), PDF files (via pdftotext), and local file/codebases (SKILL.md).
  - Boundary markers: Absent; the skill is instructed to teach directly from retrieved content without specific delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill has the capability to execute shell commands (bash), perform network fetches (WebFetch), and write persistent data to the local filesystem (~/.learn/).
  - Sanitization: No explicit sanitization or filtering of the retrieved content is described before it is integrated into the agent's context.
Audit Metadata