instructor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill's examples (references/examples.md) demonstrate interpolating untrusted strings directly into prompt templates (e.g., f"Extract: {text}") without using delimiters or instructions to ignore embedded commands. This creates a surface for indirect prompt injection if the input text is attacker-controlled.
  - Ingestion points: 'text' variable in references/examples.md used in multiple extraction patterns.
  - Boundary markers: Absent from all provided code snippets.
  - Capability inventory: The skill is focused on structured data extraction and classification; it does not demonstrate subprocess calls or file-write capabilities.
  - Sanitization: No sanitization or validation logic is present in the provided examples.
- [Data Exposure & Exfiltration] (SAFE): No sensitive file access (e.g., SSH keys, credentials) or network exfiltration to untrusted domains was detected. Localhost and standard provider endpoints (OpenAI/Anthropic) are considered safe in this context.
- [Remote Code Execution] (SAFE): No remote script downloads or dynamic code execution (eval/exec) patterns were found in the documentation snippets.
Audit Metadata