create-lecture

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection due to its core workflow of processing untrusted data.
  • Ingestion points: In Phase 0 and Phase 1, the agent is instructed to read "Any source papers / existing slides the user provided" and "extract key ideas".
  • Boundary markers: The instructions lack delimiters or specific warnings to ignore system-like instructions that may be contained within the source papers or PDFs.
  • Capability inventory: The skill allows the use of Bash, Task, Write, and Edit tools, which could be leveraged to perform unauthorized actions if an injection is successful.
  • Sanitization: There is no mention of sanitizing, filtering, or validating the content extracted from external documents before it is used to influence the workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 07:11 AM
Security Audit — agent-trust-hub — create-lecture