code-explanation
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- PROMPT_INJECTION (SAFE): The instructions focus purely on educational frameworks (Bloom's Taxonomy, CRA) and audience calibration. There are no attempts to bypass safety filters or ignore system instructions.
- DATA_EXFILTRATION (SAFE): The skill uses local tools like
Grep,Read, andGlobfor code analysis. There are no network operations or calls to external domains detected. - REMOTE_CODE_EXECUTION (SAFE): No patterns involving
curl | bash, dynamiceval, or untrusted script downloads were found. Code execution is limited to internal subagents for analysis purposes. - INDIRECT_PROMPT_INJECTION (LOW): While the skill processes external code for explanation (Category 8 surface), its behavior is restricted to 'display only' or 'internal reasoning' (pedagogical breakdown). It lacks the capability to write to sensitive files or execute arbitrary shell commands based on the code it reads.
- DEPENDENCIES (SAFE): No external Python or Node.js packages are required or installed by this skill.
Audit Metadata