learning-simulation-designer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No security issues were identified. The skill follows standard implementation patterns for its stated purpose.
- Indirect Prompt Injection (SAFE): The skill ingests user-provided strings ('topic', 'educational_level') and interpolates them into a response dictionary and an artifact filename list. While there is no explicit sanitization beyond replacing spaces with underscores in filenames, the skill lacks any capabilities (such as shell execution or file system writes) that could be exploited via these inputs.
- Code Quality Note (INFO): The variable 'skill_dir' used in the artifacts list is undefined in the 'execute' method, which will result in a NameError at runtime. This is a functional bug, not a security vulnerability.
Audit Metadata