leetcode-teacher
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill manages a local practice environment by executing scripts (scripts/finish_problem.py, scripts/get_status.py) and Git commands. It also runs user-generated Python solutions to verify algorithm correctness during the learning process.
- [DATA_EXPOSURE_AND_EXFILTRATION]: As part of its documented workflow, the skill automatically performs a git push to remote repositories to sync progress. While this is an intended feature for tracking goals, it involves automated network activity that transmits local repository state to a remote origin.
- [PROMPT_INJECTION]: The skill instructions in SKILL.md use strict directives (e.g., "硬性规则", "严禁提示") to ensure the AI agent does not provide answers prematurely. These are instructional constraints designed to enhance the educational experience and do not attempt to bypass security filters.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external local sources such as leetcode.json and README.md (via a migration script).
  - Ingestion points: Reads leetcode.json to determine user settings/progress and parses README.md to import problem history.
  - Boundary markers: None identified in the logic that interpolates these files into the agent's context.
  - Capability inventory: The skill has the ability to run shell commands for Git and execute local Python scripts.
  - Sanitization: Content from these files is used directly without validation or escaping beyond basic parsing.
- [METADATA_POISONING]: Documentation in references/progress_tracking.md mentions Todoist integration features (like searching tasks and adding comments) that are not implemented in the provided codebase. This appears to be a documentation error rather than a malicious trap.
Audit Metadata