ship-learn-next
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Detected an Indirect Prompt Injection surface where the skill ingests untrusted external data and uses it to perform file operations.
  - Ingestion points: External content files read via the Read tool as described in Step 1 of the skill logic.
  - Boundary markers: Absent; the instructions do not implement delimiters or ignore-instructions warnings for processed content.
  - Capability inventory: The skill uses the Write tool to generate Quest Plans, which could be exploited if an attacker-controlled source influences the agent.
  - Sanitization: Absent; the skill extracts principles directly from raw input text.
- DATA_EXPOSURE (LOW): The skill allows the agent to read from arbitrary file paths provided by the user. While intended for processing learning materials, the lack of path restriction logic could be used to attempt access to sensitive local files.
Audit Metadata