learning-a-tool
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). Evidence: 1. Ingestion points: The agent is instructed in SKILL.md to research external documentation and GitHub repositories. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present. 3. Capability inventory: The skill instructions in SKILL.md and references/progressive-learning.md require the agent to write runnable code files to the local filesystem. 4. Sanitization: No sanitization or verification steps are included for the generated code.
Audit Metadata