teach-me
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions create a surface for indirect prompt injection by ingesting data from external files and other skills.
  - Ingestion points: The agent is instructed to read contents from ~/.claude/skills/ and project-local markdown files in the learning/ directory to build curriculum content.
  - Boundary markers: Absent; the skill directs the agent to treat discovered skills as an "authoritative reference" without using delimiters or instructions to ignore embedded commands within those files.
  - Capability inventory: The skill can perform file system read/write operations, update platform memory, and invoke other available tools (e.g., the diagrams skill).
  - Sanitization: Absent; there is no logic for filtering or validating the content of the referenced files or user input before it is processed by the tutoring logic.
- [COMMAND_EXECUTION]: The skill uses filesystem operations to search for and read markdown documents from standard directories (~/.claude/skills/, ~/.claude/learning/) to dynamically retrieve curriculum information. This behavior is aligned with its stated purpose of subject-matter integration and progress persistence.
- [DATA_EXFILTRATION]: The skill records session logs, user performance metrics, and learning plans into the local filesystem and platform-managed memory. All data remains within the user's controlled environment, and no external network calls or data transmissions were detected.
Audit Metadata