tutor
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch content from arbitrary URLs provided in input arguments. Evidence: SKILL.md specifies the action "URL: Fetch the content."
- [DATA_EXFILTRATION]: The skill directs the agent to perform local file system operations, including reading files and exploring directories based on provided paths, which creates a risk of sensitive data exposure. Evidence: SKILL.md specifies "Local path: Read the file or explore the directory."
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external URLs and local files without protective measures such as boundary markers or sanitization.
  - Ingestion points: Content derived from external URLs and local file paths as defined in SKILL.md.
  - Boundary markers: Absent; the skill lacks instructions or delimiters to distinguish between data and instructions.
  - Capability inventory: The skill utilizes network fetching and file system access capabilities.
  - Sanitization: Absent; content is processed directly to facilitate the tutoring modes.
Audit Metadata