enrich-teaching-guide
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands (ls, grep) to discover markdown files within the apps/learn-app/docs/ directory based on user-supplied parameters like chapter numbers or paths. This is used for scope resolution and does not involve elevated privileges or remote network access.
- [PROMPT_INJECTION]: The skill processes untrusted data which creates a surface for indirect prompt injection. It reads the full content of target lesson files and their predecessors to generate educational metadata, which could allow instructions embedded within those files to influence agent behavior.
  - Ingestion points: Local markdown lesson files in apps/learn-app/docs/.
  - Boundary markers: None; the skill reads the full content of lessons sequentially.
  - Capability inventory: Shell command execution for file listing and direct file modification for frontmatter injection.
  - Sanitization: No explicit sanitization or filtering of the ingested lesson content is performed prior to the analysis step.
Audit Metadata