Skills
skills/jianshuo/claude-skills/wjs-teaching-english/Gen Agent Trust Hub

wjs-teaching-english

Warn

Audited by Gen Agent Trust Hub on May 21, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a Python script (scripts/build_lesson.py) with the --word parameter populated from user input. This pattern is susceptible to command or argument injection if the agent does not strictly sanitize the input before shell execution.
  • [COMMAND_EXECUTION]: The skill uses hardcoded absolute paths (/Users/jianshuo/code/mira/search-app), which reveals the specific local directory structure of the host environment.
  • [EXTERNAL_DOWNLOADS]: The skill specifies a dependency on the volcengine Python package (version 1.0.58) and interacts with an external service hosted on Vercel (search-app-three-kappa.vercel.app). These are documented as requirements for the video processing and text-to-speech functionality.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 21, 2026, 12:58 AM
Security Audit — agent-trust-hub — wjs-teaching-english