learning-metacognition
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions to override behavior or bypass safety filters were detected in SKILL.md.
- [Data Exfiltration] (SAFE): No hardcoded credentials, sensitive file access, or network operations were found in skill.py.
- [Remote Code Execution] (SAFE): No downloads or execution of remote scripts or unverifiable dependencies were identified.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted 'topic' and 'educational_level' data in skill.py. Boundary markers are absent. However, the skill has no dangerous capabilities (no subprocess, exec, or file writes) and performs no sanitization, making the risk negligible.
- [Dynamic Execution] (SAFE): No dynamic code generation or unsafe deserialization was detected.
Audit Metadata