leetcode-teacher
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The script exhibits an unprotected attack surface where external input (command-line arguments) is used to determine file system operations.
  - Ingestion points: Positional arguments `$1` (PATTERN), `$2` (DIFFICULTY), and `$3` (PRODUCT) used in `scripts/generate_problem.sh`.
  - Boundary markers: Absent; arguments are interpolated directly into the `$OUTPUT_FILE` variable used for file creation.
  - Capability inventory: File creation and overwrite via the `cat >` command in the `scripts/generate_problem.sh` script.
  - Sanitization: Absent; the script does not validate or sanitize inputs to prevent directory traversal sequences (e.g., `../`), which could allow an agent influenced by an attacker to write files outside of the intended `./problems` directory.