course-generator

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests external content such as transcriptions and literature for processing. This creates a surface for indirect prompt injection where instructions embedded in the source material could potentially influence the agent's behavior. The skill lacks explicit boundary markers or sanitization routines for this untrusted input.
      • Ingestion points: Document reading steps in SKILL.md and references/extract_prompt.md.
      • Boundary markers: Not explicitly defined for input data.
      • Capability inventory: File system access via Glob and Bash tools for reading and writing files.
      • Sanitization: No specific sanitization or escaping of external content is mentioned.
  • [COMMAND_EXECUTION]: The skill instructs the agent to use Bash commands for directory management, such as creating archive folders. Since folder names are dynamically generated based on course themes extracted from source documents, there is a risk of command injection if the input content is maliciously crafted and the tool interface does not properly escape shell metacharacters.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 03:02 AM