assisted-learning
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill fetches and synthesizes content from the web via WebSearch and documentation lookups to provide explanations and store notes.
  - Ingestion points: Content is retrieved through WebSearch and context7: query-docs as described in SKILL.md.
  - Boundary markers: There are no explicit instructions or delimiters defined to isolate ingested content from agent instructions during synthesis.
  - Capability inventory: The skill can search, create, and modify records in the trekker tool (e.g., trekker epic create, trekker task create).
  - Sanitization: No sanitization or verification of the fetched external documentation is performed before it is used to generate responses or stored in the trekker database.
- [COMMAND_EXECUTION]: Management of persistent state via CLI. The skill issues commands to the trekker CLI tool to track learning progress. These commands are constructed using variables such as the [topic] name and research findings, which could lead to unintended command behavior if the underlying tool does not adequately sanitize arguments.