learning-study-skills

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): The skill instructions in SKILL.md and the Python code do not contain patterns intended to bypass agent safety filters or override system instructions.
  • Data Exfiltration & Exposure (SAFE): No network operations (e.g., curl, requests) or access to sensitive file paths (e.g., ~/.ssh, .env) were found. The skill only processes provided parameters.
  • Remote Code Execution (SAFE): The script does not download external code or execute remote scripts. It uses a local framework import.
  • Command Execution (SAFE): There is no usage of dangerous functions such as subprocess.run, os.system, or eval() that could lead to arbitrary command execution.
  • Code Quality (INFO): A functional bug was identified in skill.py where the variable skill_dir is referenced in the execute method but is not defined. While this will cause a runtime NameError, it does not pose a security risk.
  • Indirect Prompt Injection (SAFE): While the skill ingests untrusted data (topic, educational_level), it does not pass this data to any sensitive sinks or execute it as code. The risk is negligible.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:14 PM