course-generator
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's primary functionality is to process user-provided documents into structured courses. All observed behaviors, such as reading text files and creating directories, are legitimate and aligned with the described use case.
- [COMMAND_EXECUTION]: The skill utilizes Bash commands for directory management and file output. These operations are limited to creating the course structure on the local file system.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present as the skill processes external document content.
- Ingestion points: Document files read via the Glob tool in SKILL.md.
- Boundary markers: Absent; document content is placed directly under markdown headers in
references/outline_prompt.mdandreferences/chapter_prompt.md. - Capability inventory: File system write access and directory creation via Bash.
- Sanitization: No input sanitization or escaping is performed on the source text before it is processed by the AI model.
Audit Metadata