ai-tutorials
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's workflow (Step 7) explicitly instructs the agent to write and execute Python code and tests locally to verify the correctness of the generated tutorial content.
- [REMOTE_CODE_EXECUTION]: The agent is encouraged to generate and run code for image creation (using libraries like matplotlib or PIL) or to call external image generation APIs and MCP servers.
- [EXTERNAL_DOWNLOADS]: The project templates within the skill include instructions for the agent or user to install external Python packages using 'pip install'.
- [PROMPT_INJECTION]: The skill allows users to explicitly override the automatic progress detection logic in 'Step 0', which could be used to bypass planned verification steps.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it reads and processes untrusted data from 'introduction.md' without sanitization or strict boundary markers.
  - Ingestion points: The agent reads 'introduction.md' and existing 'lesson/' directories to determine context and state.
  - Boundary markers: No explicit delimiters or instructions are used to separate user-provided data from agent instructions.
  - Capability inventory: The agent has the capability to write files, create directories, and execute shell commands/Python scripts.
  - Sanitization: No sanitization or validation logic is present for the data read from external files.
Audit Metadata