teacher-elf-broadcast
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script, scripts/teacher_elf_task.py, to facilitate interactions with the Teacher Elf API.
- [EXTERNAL_DOWNLOADS]: Communicates with official New Oriental Education (XDF) endpoints at gateway.staff.xdf.cn and gateway.test.xdf.cn to manage broadcast tasks.
- [CREDENTIALS_UNSAFE]: The skill utilizes the environment variables TEACHER_ELF_APP_ID and TEACHER_ELF_APP_SECRET for authentication. The implementation correctly uses HMAC-SHA1 signing to authenticate requests without transmitting the secret key in plain text.
- [INDIRECT_PROMPT_INJECTION]: The skill includes an attack surface for indirect prompt injection, as it processes user-provided message content that is sent to external recipients.
  - Ingestion points: Message content is ingested via the receiverList[].sendContentList[].content field in JSON payloads processed by scripts/teacher_elf_task.py.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the script's processing logic.
  - Capability inventory: The skill has the capability to perform network POST requests to external API endpoints.
  - Sanitization: Content sanitization is not performed within the local script; it relies instead on the API provider's server-side validation.
Audit Metadata