universal-learner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is a vulnerability surface for indirect prompt injection as it processes and stores arbitrary external prompts.
- Ingestion points: Processes user-provided prompts and data from 'extracted_modules.json' via the Step 2 and Step 5.2 workflows.
- Boundary markers: Absent; the logic does not employ delimiters or 'ignore' instructions to isolate untrusted content during extraction.
- Capability inventory: The skill possesses file-write capabilities, updating 'elements.db' (SQLite) and 'universal_elements_library.json' with the processed content.
- Sanitization: While 'element_extractor.md' includes quality filters (e.g., word count and clarity), it lacks sanitization logic to detect or neutralize embedded malicious instructions.
- Data Exposure & Exfiltration (SAFE): Data operations are confined to the local 'extracted_results' directory. No network operations, exfiltration patterns, or access to sensitive system files (e.g., SSH keys) were detected.
- Remote Code Execution (SAFE): No remote scripts are downloaded or executed. The Python logic provided in the modules is used for data processing and is not combined with untrusted execution methods like eval() or piped bash commands.
Audit Metadata