coding-tutor
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts that call
gitand the GitHub CLI (gh) viasubprocess.run. These commands manage the local tutorial repository and handle optional remote backups. The implementation follows security best practices by passing command arguments as lists, preventing shell injection vulnerabilities. - [DATA_EXFILTRATION]: The skill provides functionality to synchronize the user's learning profile and tutorials with GitHub. While this involves sending local data (background, goals, and code examples) to an external service, GitHub is a well-known service, and the operation is a documented feature of the skill for cross-project persistence.
- [SAFE]: The skill's behavior aligns with its stated educational purpose. It uses standard development tools and persistent storage in the user's home directory to provide a tailored learning experience without employing malicious techniques such as obfuscation or privilege escalation.
Audit Metadata