project-teacher
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill contains a design pattern that can be influenced by external data.
- Ingestion points: Reads files from the root of external vaults,
.cursor/, or.claude/folders to find context instructions. - Boundary markers: None. The skill explicitly states 'Delegate to those instructions if they exist', which instructs the agent to follow logic found in untrusted or attacker-modifiable local files.
- Capability inventory: File read (project source), file write (Markdown docs), and file modification (
.gitignore). - Sanitization: None mentioned. Malicious instructions placed in these configuration folders could potentially override the skill's intended behavior.
- Data Exposure & Exfiltration (SAFE): While the skill reads project files to create a 'Code index', it does not contain any network-facing commands or exfiltration patterns. It explicitly attempts to protect data by adding its output directory to
.gitignore.
Audit Metadata