study-habits
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- No Code (SAFE): The analysis of SKILL.md reveals that it is entirely composed of Markdown documentation and YAML frontmatter. There are no executable scripts (.sh, .py, .js), command-line instructions, or configuration files that could facilitate code execution.
- Metadata Analysis (SAFE): The metadata (name, description, author) is consistent with the skill's stated purpose. There are no signs of metadata poisoning or hidden instructions within the YAML fields.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or network operations (curl, wget, fetch) are present. The skill's tip regarding local data storage is a claim that cannot be verified without code, but no exfiltration surface exists in the provided file.
- Indirect Prompt Injection (LOW): While the skill is designed to ingest user-provided data (study topics, exam dates), it lacks any 'write' or 'execute' capabilities that could be exploited via injection. It serves as a template for agent behavior rather than a functional tool with a security boundary.
Audit Metadata