japanese-tutor
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from user-uploaded PDF and DOCX files and is instructed to 'persist' this knowledge by appending it to internal reference files (`references/vocab.md`, `references/grammar.md`).
  - Ingestion points: Data enters through `scripts/parse_pdf_gemini.py` and `scripts/parse_docx.py`.
  - Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the ingested text.
  - Capability inventory: The agent has the capability to write/append to local files and execute Python scripts.
  - Sanitization: No sanitization or validation of the extracted content is performed before appending it to reference files, which could allow an attacker to inject malicious instructions that the agent might follow in future sessions.
- [EXTERNAL_DOWNLOADS]: The script `scripts/parse_pdf_gemini.py` uses the `google-generativeai` library to upload user files to Google's Gemini API for processing. This involves sending local data to an external, well-known service.
- [COMMAND_EXECUTION]: The skill's core functionality relies on executing local Python scripts (`scripts/parse_pdf_gemini.py`, `scripts/parse_docx.py`, `scripts/greet.py`) to process user files and generate greetings.
Audit Metadata