tutorial-spec
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No security issues detected. The skill's logic is restricted to markdown processing and text generation.
- Indirect Prompt Injection (LOW): The skill identifies external files (
STATUS.md,GOAL.md,DECISIONS.md) as data sources. While these represent an ingestion surface for potentially untrusted data, the skill lacks the capabilities (network access, command execution, or file system modification outside ofoutput/) to execute malicious payloads if they were present in those files. - No Code (SAFE): The skill contains no scripts or external dependencies, further reducing its attack surface.
Audit Metadata