glossary-generator

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from user-provided concept lists and course descriptions without adequate sanitization or boundary markers.
      • Ingestion points: docs/learning-graph/02-concept-list-v1.md, docs/course-description.md, and any files in /docs/**/*.md.
      • Boundary markers: Absent; input data is directly embedded into the sub-agent's task prompt without delimiters or instructions to ignore embedded commands.
      • Capability inventory: The sub-agent has access to the Bash tool (command execution) and can perform filesystem writes via provided tools.
      • Sanitization: No validation of concept labels or description content is performed to prevent instruction injection, beyond basic length and duplicate checks.
  • [COMMAND_EXECUTION]: The skill workflow includes the dynamic generation and execution of a script to finalize output.
      • Evidence: A Python script is written to /tmp/assemble_glossary.py and subsequently executed via the Bash tool to sort and merge glossary entries.
      • Context: The script logic is statically defined within the skill instructions and uses standard libraries (glob, os, re), placing it in the category of simple script generation from a known template.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 08:29 AM