tutor-setup
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE; PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its core workflow of analyzing untrusted external data.
  - Ingestion points: The agent reads and processes text from PDFs, HTML via WebFetch, and source code files during Phase D1 and Phase C1.
  - Boundary markers: The skill contains a 'CWD Boundary Rule' to prevent access to files outside the current working directory, which provides a layer of filesystem protection.
  - Capability inventory: The agent has access to 'Bash', 'WebFetch', 'Read', and 'Write' tools.
  - Sanitization: The skill gives no guidance on sanitizing or filtering instructions that might be embedded in the source material (e.g., a PDF containing a command for the AI to ignore its rules).
- [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to execute shell commands.
  - Evidence: Phase D1 in 'SKILL.md' explicitly instructs the agent to use 'pdftotext' via the shell to extract content from PDF files.
- [EXTERNAL_DOWNLOADS]: The skill uses 'WebFetch' to retrieve content from remote URLs provided by the user.
  - Evidence: 'SKILL.md' Phase D1 specifies that URLs should be processed using 'WebFetch' for text extraction.
Audit Metadata