Skills
skills/pauljbernard/content/learning-engagement/Gen Agent Trust Hub

learning-engagement

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE] (SAFE): No malicious patterns detected. The code performs simple string formatting and returns structured data based on input parameters.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill has an indirect prompt injection surface but lacks exploitable capabilities.
  • Ingestion points: The topic and educational_level parameters in skill.py are used to generate deliverables and artifact names.
  • Boundary markers: Absent. The inputs are interpolated directly into strings.
  • Capability inventory: None. The script does not perform file writes, network operations, or subprocess executions. It only returns data to the calling framework.
  • Sanitization: Minimal. The code replaces spaces with underscores in the topic variable for the artifact name, but does not sanitize against path traversal characters (e.g., '../'). However, since the skill does not handle the file-writing process itself, the risk is negligible.
  • [DYNAMIC_EXECUTION] (LOW): The script modifies sys.path to import skill_base from a relative 'framework' directory. While this involves dynamic path computation, it is a standard pattern for modular plugin architectures and does not ingest untrusted external data for the path construction.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:14 PM