tutor
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses file-based operations to search for and maintain a 'StudyVault' directory. It uses globbing and standard file read/write actions to create and update localized dashboards and concept trackers. These activities are localized to the user's workspace and are necessary for the skill's tracking and tutoring functions.
- [PROMPT_INJECTION]: The skill processes user-generated markdown notes to create quiz content, which presents a surface for indirect prompt injection. Malicious instructions hidden in a user's own notes could theoretically influence the question generation process, though this is a low-risk scenario given the local nature of the data and the absence of high-privilege capabilities.
- Ingestion points: Markdown files in 'StudyVault/' and concept tracker files used in Phase 3.
- Boundary markers: No specific delimiters or safety instructions are defined to separate user content from system prompts.
- Capability inventory: Local file system access (read/write) and LLM-based question generation.
- Sanitization: No evidence of validation or sanitization of the markdown content before it is used for quiz generation.
Audit Metadata