ai-tutorials
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's workflow (Step 7) explicitly instructs the agent to 'personally write complete runnable code' and 'actually run' it to verify the correctness of the tutorial projects. This involves the dynamic generation and execution of code within the agent's environment.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it reads and processes data from external files in the workspace (such as
introduction.md,studentprofile.md, andsyllabus.md) to guide the generation of further content. - Ingestion points: Files
introduction.md,studentprofile.md,knowledge-points.md, andsyllabus.mdlocated in the project directory. - Boundary markers: The instructions do not define clear delimiters or provide 'ignore embedded instructions' warnings for the data ingested from these files.
- Capability inventory: File system access (read/write) and the ability to execute generated code as part of the verification step.
- Sanitization: There is no mention of sanitizing or validating the contents of the ingested files before they are used to influence agent behavior.
Audit Metadata