teach
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to "open the lesson file for the user by running a CLI command" after creation. This pattern, intended for user convenience, can be exploited if the command execution is not restricted to safe file-opening utilities.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process data from external sources and user-generated notes.
  - Ingestion points: `RESOURCES.md`, `NOTES.md`, and `MISSION.md` (via `SKILL.md`).
  - Boundary markers: None specified to differentiate between instructions and educational content.
  - Capability inventory: File system write access (`./lessons/*.html`, `./learning-records/*.md`, etc.) and CLI command execution.
  - Sanitization: No mention of escaping or validating content retrieved from external resources.
Audit Metadata