leetcode-teacher
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands and Python scripts to manage the user's learning progress.\n
- It uses
subprocess.run()inscripts/finish_problem.pyto perform Git operations such as adding files and committing changes. These calls are implemented securely using argument lists.\n - The
scripts/git_ops.shscript facilitates the synchronization of the local practice environment with a remote Git repository viagit push.\n - The
references/normal_mode_sop.mdinstructs the agent to execute user-written Python solutions using thepython3command to verify them against test cases.\n- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection due to its core functionality of reading and analyzing user-provided code.\n - Ingestion points: The agent ingests untrusted data when reading user-written solution files as defined in
references/normal_mode_sop.md.\n - Boundary markers: No explicit delimiters are used to separate user-provided code from the agent's instructions during analysis.\n
- Capability inventory: The skill possesses the capability to write files to disk, execute shell commands through
subprocess.run(inscripts/finish_problem.py), and interact with network services via Git operations (inscripts/git_ops.sh).\n - Sanitization: The skill does not perform sanitization or validation on user-provided content before processing or execution.
Audit Metadata