tw-edu-lesson-plan-108
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a local script, scripts/generate_lesson_plan.py. This script is functionally dedicated to generating .docx files using the standard python-docx library. It does not perform any unauthorized system modifications or network operations.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests data from external web searches and user input, which is then passed as arguments to a shell command.
  - Ingestion points: User input from Step 1 and external WebSearch results from Step 2 in SKILL.md.
  - Boundary markers: Absent; there are no explicit delimiters or instructions to ignore embedded commands in the ingested data.
  - Capability inventory: The skill utilizes Bash to execute scripts/generate_lesson_plan.py using variables collected from the ingestion points.
  - Sanitization: No explicit sanitization or escaping logic is defined for the interpolated shell arguments.
- [DATA_EXFILTRATION]: While the skill mentions MCP connectors for Google Drive and Canva, it explicitly requires a confirmation summary and user approval before any write operations are performed, adhering to secure interaction principles.
- [SAFE]: No obfuscation, hardcoded credentials, malicious remote code patterns, or persistence mechanisms were detected in the instructions or the accompanying Python script.
Audit Metadata