coding-tutor
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches multiple Python scripts (setup_tutorials.py, create_tutorial.py, index_tutorials.py, quiz_priority.py) from the vendor's domain (skills.every.to) to handle setup and tutorial lifecycle management.
- [REMOTE_CODE_EXECUTION]: Executes the downloaded Python scripts using python3. These scripts perform file system operations and interact with system tools like git.
- [COMMAND_EXECUTION]: Uses subprocess.run in setup_tutorials.py and create_tutorial.py to execute shell commands for git (init, status, commit) and the GitHub CLI (gh repo create) to manage the tutorial repository.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it automatically reads content from the user's project codebase and previously created tutorial files to plan new lessons.
  - Ingestion points: Local project files and tutorial markdown files in ~/coding-tutor-tutorials/.
  - Boundary markers: Absent; the agent reads files directly without specific delimiters or instructions to ignore embedded instructions.
  - Capability inventory: File system read/write access and shell command execution via helper scripts (git/gh CLI).
  - Sanitization: Absent; files are processed as plain text and interpreted by the agent.
Audit Metadata