learning-instructor-training
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill accepts untrusted data through the 'content' parameter. However, it lacks any dangerous capabilities such as file writing, shell execution, or network access.
- Ingestion points: 'content' parameter in 'skill.py'.
- Boundary markers: Absent.
- Capability inventory: No subprocess calls, exec/eval, file-write, or network operations detected.
- Sanitization: Simple truncation is used for the output.
- [Code Quality] (INFO): The variable 'skill_dir' is referenced in the 'execute' method but is not defined within the scope of the script, which will lead to a NameError during execution. This is a logic flaw rather than a security vulnerability.
- [Data Exposure & Exfiltration] (SAFE): No access to sensitive file paths or credentials was found.
- [Obfuscation] (SAFE): No encoded content, zero-width characters, or homoglyphs were identified.
Audit Metadata