tw-edu-anti-ai-assessment

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed for educational assessment improvement and operates entirely within its stated pedagogical scope. It identifies AI-vulnerable questions and provides modification strategies based on established frameworks like RAFT and SOLO.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute a local report generation script (scripts/generate_anti_ai_report.py). This command is used to process assessment data and generate a formatted document. The script itself is safe and does not perform any dangerous operations.
  • [DATA_EXPOSURE]: There are no hardcoded credentials, sensitive file path accesses, or unauthorized data transmission patterns. The skill reads pedagogical concept files and writes generated reports to a standard output directory.
  • [EXTERNAL_DOWNLOADS]: No remote code execution or suspicious package downloads were detected. The skill mentions WebSearch for pedagogical research, which is a legitimate and expected tool usage for its purpose.
  • [INDIRECT_PROMPT_INJECTION]: While the skill processes user-supplied assessment text (ingestion point) and uses it as an argument for a Bash script (capability), the risk of exploitation is minimal as the script merely parses the text for report generation. The agent's instructions include quote delimiters for the input, providing a basic boundary for the command-line argument.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 10:19 AM