curriculum-package-web
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill instructions in SKILL.md are purely descriptive and do not contain any patterns intended to bypass safety filters or override agent instructions.
- [DATA_EXFILTRATION] (SAFE): No network operations (curl, wget, requests) or access to sensitive file paths (e.g., ~/.ssh, .env) were detected. The skill only performs string manipulation on the provided content path.
- [REMOTE_CODE_EXECUTION] (SAFE): There are no patterns involving the download and execution of remote scripts. The Python code uses standard library imports and a local framework reference.
- [COMMAND_EXECUTION] (SAFE): While the documentation mentions a CLI interface, the actual Python implementation does not use subprocess.run, os.system, or any other method to execute shell commands.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill accepts a 'content_path' as input but only uses its filename 'stem' for metadata reporting. It does not ingest or process the contents of external files, eliminating the surface for indirect injection.