alignagent-adaptive-learner-intelligence

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's architecture is susceptible to indirect prompt injection within its diagnostic workflow. The 'SkillGapAgent' class implements a method that interpolates untrusted learner assessment data directly into a prompt for diagnostic reasoning without sufficient sanitization or protective delimiters.
  • Ingestion points: The _build_diagnostic_prompt method in SKILL.md (Example 2) takes learner-supplied content (specifically selected_answer and concepts metadata) and embeds it into a template used to generate AI reasoning.
  • Boundary markers: While the data is formatted using JSON encoding, the prompt template lacks explicit instructions to the model to ignore control sequences or instructions embedded within the data strings.
  • Capability inventory: The resulting AI output determines the diagnostic explanations and the queries used to retrieve external educational resources.
  • Sanitization: The implementation relies on standard JSON serialization which, while managing structure, does not prevent linguistic prompt injection intended to override the agent's behavior.
  • [EXTERNAL_DOWNLOADS]: The skill references research and methodology from a public academic repository (arXiv) for the ALIGNAgent framework. This is a neutral reference to established educational research.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 07:57 AM
Security Audit — agent-trust-hub — alignagent-adaptive-learner-intelligence