course-description-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill lacks sufficient isolation for untrusted data processed during analysis.
  - Ingestion points: The skill reads external, untrusted content from /docs/course-description.md in Step 2.1.
  - Boundary markers: No delimiters or 'ignore instructions' warnings are used to separate course data from instructions.
  - Capability inventory: The skill has the capability to create directories (mkdir -p), write markdown assessment reports, and modify the mkdocs.yml configuration file.
  - Sanitization: No sanitization, escaping, or schema validation is applied to the input content before it is processed.
- [Command Execution] (LOW): The skill explicitly instructs the agent to use shell commands (mkdir -p) for managing the directory structure. While this is a functional requirement, it represents a capability that increases the potential impact of a prompt injection attack.
Recommendations
- AI detected serious security threats
Audit Metadata