yc-5-launching
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill reads curriculum transcripts from its own reference directory and writes generated workbooks to the 'knowledge/yc-startup-school/' path. This is a legitimate use of the file system for an educational agent and does not involve accessing sensitive system files or credentials.
- [COMMAND_EXECUTION]: The skill uses the 'AskUserQuestion' tool to interactively engage with the user. This is a standard communication method for this type of agent and does not involve executing arbitrary shell commands or external scripts.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from user responses provided during the interactive workbook session.
  - Ingestion points: User responses to self-assessment questions via 'AskUserQuestion'.
  - Boundary markers: None explicitly defined in the prompt instructions for isolating user input.
  - Capability inventory: File-writing capabilities to the local knowledge base.
  - Sanitization: No specific sanitization or validation of user input is described before writing results to a file.
  - While this presents a minor attack surface for indirect injection, the risk is negligible because the skill only persists data to the user's own knowledge base and performs no high-risk actions such as network exfiltration or system modification.
Audit Metadata