geist-learning-lab
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No instructions targeting agent behavior override, safety filter bypass, or system prompt extraction were detected in any of the skill's instructional files.
- [Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive system paths (e.g., SSH keys, AWS credentials) or perform network operations to external domains. Progress tracking is limited to standard browser localStorage.
- [Obfuscation] (SAFE): All code snippets and documentation are provided in cleartext without the use of Base64 encoding, zero-width characters, or homoglyph-based evasion techniques.
- [Unverifiable Dependencies] (SAFE): The skill references well-known, industry-standard packages such as Next.js, Framer Motion, and Zustand, which are appropriate for its stated purpose of building web applications.
- [Privilege Escalation] (SAFE): There are no commands related to sudo, chmod, or other administrative permission modifications.
- [Persistence Mechanisms] (SAFE): The skill does not attempt to modify shell profiles, cron jobs, or system startup services.
- [Indirect Prompt Injection] (SAFE): While the skill defines a system for processing external MDX content, it is primarily a display-and-interaction framework (INFO tier) and does not provide an automated vector for untrusted data to influence high-privilege agent capabilities.
Audit Metadata