cortex-code-tutorial
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill is a comprehensive educational resource for the Cortex Code CLI tool. It contains no executable code, scripts, or external dependencies.
- [COMMAND_EXECUTION]: While the tutorial explains and guides the user to use the
!command(shell) syntax, this is done strictly for educational purposes to demonstrate the tool's built-in functionality. No malicious or unauthorized commands are automatically executed by the skill itself. - [DATA_EXFILTRATION]: The tutorial references Snowflake table metadata and local file access using the
#and@syntax. These are documented as features of the Cortex Code CLI for user education, with no evidence of sensitive data being harvested or transmitted to external domains. - [PROMPT_INJECTION]: The skill utilizes a structured persona and instructional framework (Explain-Before-Execute) to guide the agent's behavior. No attempts to bypass safety filters or override system instructions were found.
- [DYNAMIC_CONTEXT_INJECTION]: The skill mentions and documents the usage of dynamic command execution placeholders (
!command). However, it does not use them for malicious purposes such as silent exfiltration or credential harvesting; it serves as a teaching aid for the user.
Audit Metadata