tw-stu-concept-viz
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests user-defined concept descriptions to produce interactive HTML and JavaScript components. Ingestion points: User input provided during the concept analysis phase in Step 2. Boundary markers: The instructions do not define specific delimiters or instructions to isolate untrusted data. Capability inventory: The skill is configured with Write and Bash tools which could be leveraged if malicious instructions are executed. Sanitization: No explicit validation or escaping of external content is performed before code generation.
- [DYNAMIC_EXECUTION]: The skill dynamically constructs and outputs functional code for interactive diagrams, timelines, and networks at runtime.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Accesses educational alignment metadata from relative paths and parent directory structures (../../tw_edu_concept_alignment.md) to synchronize with curriculum standards.
Audit Metadata