Skills
skills/xingyun-new/skills-xiaosimen/math-teacher/Gen Agent Trust Hub

math-teacher

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes Bash scripts (generate_game.sh, generate_playground.sh) to dynamically construct HTML files and manage local directories.
  • [COMMAND_EXECUTION]: Includes an automated Git publishing workflow that executes git add, git commit, and git push to synchronize generated artifacts with a remote GitHub repository.
  • [EXTERNAL_DOWNLOADS]: Mandates the inclusion of a remote JavaScript library (feishu-sync.js) from the vendor's GitHub repository in all generated artifacts.
  • [DATA_EXFILTRATION]: Transmits student performance metrics, including scores and incorrect answers, to the vendor's synchronization service (Feishu/Vercel proxy).
  • [REMOTE_CODE_EXECUTION]: Employs the eval() function within references/algebra.md for evaluating user-provided mathematical expressions, which is a potential vector for code injection.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 14, 2026, 03:03 PM