korean-scholarship-search
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed to search within trusted official domains such as
kosaf.go.krand*.ac.kr. It uses local Python scripts to process data, which provides a layer of isolation between the agent and potentially untrusted web content.\n- [COMMAND_EXECUTION]: The skill executes local Python scripts (scholarship_filter.py) to filter scholarship data. The use ofsubprocess.runinscripts/test_scholarship_filter.pyis for testing purposes, uses safe argument passing, and does not involve shell execution.\n- [DATA_EXFILTRATION]: No evidence of unauthorized network exfiltration or access to sensitive local credentials (e.g., SSH keys, AWS configs) was found. The skill operates on public scholarship announcement data.\n- [PROMPT_INJECTION]: The skill processes external data from web searches and attachments, which is a surface for indirect prompt injection. This is mitigated by the use of internal Python helpers for logic and filtering.\n - Ingestion points: Web search results and PDF/HWP scholarship announcements processed in
SKILL.mdworkflows.\n - Boundary markers: Not explicitly defined in instructions.\n
- Capability inventory: File system access for script execution and reading local scholarship data files.\n
- Sanitization: Structured parsing via JSON and regular expression extraction in
scripts/scholarship_filter.py.
Audit Metadata