leetcode-coach

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the '@tiny-fish/cli' global npm package, which is a verified resource from the authoring vendor.
  • [COMMAND_EXECUTION]: Employs shell commands to verify the local environment, manage authentication, and invoke the 'tinyfish' CLI to run scraping agents on third-party URLs.
  • [PROMPT_INJECTION]: The skill processes untrusted data from external coding platforms and writes it to the local filesystem, which creates an indirect prompt injection attack surface.
      • Ingestion points: External problem descriptions and metadata are fetched from LeetCode, HackerRank, and Codeforces URLs via the 'tinyfish agent run' command (SKILL.md).
      • Boundary markers: Instructions do not include specific delimiters or warnings to ignore potentially malicious embedded instructions within the scraped content.
      • Capability inventory: The skill is designed to write multiple files (problem.md, solution.{ext}, test_cases.md) to the current working directory and execute shell commands via the CLI (SKILL.md).
      • Sanitization: There is no evidence of validation or sanitization performed on the fetched external data before it is written to the local filesystem.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 06:56 AM