Skills
skills/everyinc/every-marketplace/coding-tutor/Gen Agent Trust Hub

coding-tutor

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: LOW
Full Analysis
  • COMMAND_EXECUTION (INFO): The scripts create_tutorial.py and setup_tutorials.py utilize subprocess.run to call git and gh (GitHub CLI). These calls are implemented using argument lists, which effectively prevents command injection risks.
  • DATA_EXPOSURE (INFO): The skill operates on a specific directory (~/coding-tutor-tutorials) to store learning materials. It does not access sensitive system files or credentials.
  • INDIRECT_PROMPT_INJECTION (LOW): The scripts index_tutorials.py and quiz_priority.py parse markdown files to extract metadata. While this involves reading external content, the manual parsing logic is secure and the extracted data is used for informational indexing rather than being passed to dangerous functions.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 17, 2026, 12:25 AM