teach
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill features an indirect prompt injection surface typical of assistant-style tools. It is designed to read and process data from external resources and historical logs to guide future interactions.
- Ingestion points: The agent reads from MISSION.md, RESOURCES.md, and existing files in the ./learning-records/ directory to determine the user's level of understanding.
- Boundary markers: The instructions do not specify any delimiters or safety warnings for the agent when processing the content of these files.
- Capability inventory: The agent has permissions to read and write files within the workspace and execute shell commands to open documents.
- Sanitization: No explicit sanitization or filtering logic is prescribed for data retrieved from resources, although the use of a 'dash-case' naming convention for files provides a degree of inherent safety for CLI operations.
- [COMMAND_EXECUTION]: The skill suggests opening generated lesson files via a CLI command for user convenience. This involves executing a shell command with a filename argument derived from the lesson's name.
Audit Metadata