prepared-environment-designer
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a text-based pedagogical tool that functions entirely within the agent's conversational context. It does not request access to external tools, network resources, or the host file system.
- [PROMPT_INJECTION]: The instructions are clearly defined and lack any patterns suggesting attempts to bypass safety filters, override system behavior, or reveal internal prompts.
- [DATA_EXFILTRATION]: No network operations (such as curl or fetch) or access to sensitive local files (e.g., credentials, environment variables, or SSH keys) were found. The skill only processes user-provided classroom descriptions.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input from the current_environment and improvement_goals fields. These inputs are interpolated into the prompt without robust boundary markers (like XML tags or triple backticks). While this constitutes an attack surface, the risk is negligible because the skill possesses no capabilities (such as tool execution or network access) that an attacker could exploit.
Audit Metadata