learning-design-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill processes untrusted educational content from external sources, creating a high-risk indirect prompt injection surface.
  1. Ingestion points: Step 1 explicitly requests 'File path', 'URL', and 'Pasted text'.
  2. Boundary markers: Absent; there are no instructions to delimit the content or to ignore instructions embedded in it.
  3. Capability inventory: The agent reads and analyzes the input and generates a structured report from it.
  4. Sanitization: Absent. An attacker could embed malicious commands (e.g., to leak the system prompt or ignore safety rules) within the educational material.
- [DATA_EXFILTRATION] (HIGH): The skill workflow (Step 1) asks users to provide a 'File path' to documents or course exports. This behavior creates an arbitrary file read exposure: if the agent has filesystem permissions, an attacker or malicious user could supply paths to sensitive files (e.g., ~/.ssh/id_rsa, .env files) for the agent to 'review', which would expose their contents in the session output.
Recommendations
- AI detected serious security threats
Audit Metadata