learning-learner-analytics
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill processes untrusted data via the 'input_data' parameter. While no exploitable capabilities are present, this remains a theoretical attack surface. Evidence: 1. Ingestion: 'input_data' parameter in skill.py; 2. Boundary markers: Absent; 3. Capability inventory: Static dictionary returns; 4. Sanitization: Not implemented.
- [Functional Error] (SAFE): The variable 'skill_dir' is referenced in 'skill.py' but not defined, which will cause a runtime error but does not pose a security risk.
Audit Metadata