deep-learner

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE

PROMPT_INJECTION

Full Analysis
  • PROMPT_INJECTION (LOW): Detected surface for Indirect Prompt Injection (Category 8). Finding follows mandatory evidence chain:
    • Ingestion points: The WebFetch tool in SKILL.md (Step 1) is used to retrieve content from arbitrary, untrusted URLs provided by users.
    • Boundary markers: Absent. The skill instructions do not define delimiters (such as triple quotes or XML tags) or provide explicit warnings to the agent to disregard instructions embedded within the fetched content.
    • Capability inventory: The skill possesses file-system write capabilities (Step 5 in SKILL.md).
    • Sanitization: Absent. There is no evidence of logic designed to filter or escape the content fetched via WebFetch before it is processed by the AI phases.
  • COMMAND_EXECUTION (LOW): Potential path traversal vulnerability in Step 5 of SKILL.md. The skill generates file paths using {topic-slug}, which is derived from the analyzed content. If the underlying system does not sanitize this slug, an attacker-controlled page title could include directory traversal sequences (e.g., ../../) to write files outside the intended ./learning-notes/ directory.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:36 PM