tw-edu-rubric-designer

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file defines a shell command template for executing the Python generation script. This template directly interpolates user-provided strings (e.g., [任務名稱], [科目]) into a bash command line: python scripts/generate_rubric.py --task "[任務名稱]" .... If an attacker provides input containing shell metacharacters (e.g., ;, &, |), it could lead to arbitrary command execution on the host environment.
  • [EXTERNAL_DOWNLOADS]: The script scripts/tw_edu_doc_utils.py imports and relies on the python-docx (imported as docx) library. This is a common third-party dependency for Word document manipulation but constitutes an external dependency that must be present in the execution environment.
  • [DATA_EXPOSURE]: The skill requests Read and Write permissions to access reference files and save output documents to /mnt/user-data/outputs/. This is consistent with its stated purpose of document generation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 12:34 AM