learning-xr-design

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Prompt Injection] (SAFE): No override, bypass, or role-play patterns were detected in the skill's metadata or logic.
  • [Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive local files (e.g., credentials, SSH keys) or perform any network requests to external domains.
  • [Remote Code Execution] (SAFE): There are no patterns involving the download and execution of remote scripts or the use of unsafe package installers.
  • [Command Execution] (SAFE): The script does not utilize subprocesses, os.system, or any other method to execute shell commands.
  • [Indirect Prompt Injection] (SAFE): Although the skill processes external input (topic, educational_level), it lacks capabilities (like file writing or network access) that would make it a viable target for indirect injection.
  • [Dynamic Execution] (SAFE): No use of eval(), exec(), or dynamic module loading from untrusted paths was found. The use of sys.path.insert is for a relative internal framework path.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:18 PM