tutor-setup
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill explicitly directs the agent to execute shell commands for document processing and system exploration. Specifically, SKILL.md dictates the use of pdftotext for PDF conversion, and references/codebase-workflow.md utilizes find to map the local directory structure.
- [EXTERNAL_DOWNLOADS]: The instructions in SKILL.md (Document Mode) require the agent to perform system-level software installations using brew install or apt-get install if the necessary poppler-utils are missing from the environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. (1) Ingestion points: SKILL.md describes a URL Mode that fetches untrusted web content using WebFetch. (2) Boundary markers: No delimiters or ignore instructions are specified for isolating external content. (3) Capability inventory: The skill can execute shell commands and modify the system via package managers. (4) Sanitization: No sanitization of ingested content or input filenames is documented before shell execution.
Audit Metadata