openmaic-classroom
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill processes external data using local Python scripts (scripts/rag-to-requirement.py, scripts/concept-to-requirement.py). These scripts use only standard libraries (json, re, sys) for text processing and do not attempt network or filesystem access.
- [SAFE]: Network operations are performed through a designated MCP tool (mcp_api_requester) rather than arbitrary shell commands. The skill provides clear instructions for environment-specific network configuration (e.g., handling Docker bridge addresses).
- [SAFE]: The skill requires a user-provided access code for the hosted mode but does not contain hardcoded credentials or instructions to store secrets insecurely.
- [INDIRECT_PROMPT_INJECTION]: The skill acts as a data pipeline that processes untrusted information from RAG retrieval and wiki pages.
  - Ingestion points: Ingests data from the knowledge_search and wiki_read_page tools, as described in SKILL.md.
  - Boundary markers: The skill uses specific conversion scripts and pedagogical templates to structure untrusted content into a 'requirement' field before sending it to the API.
  - Capability inventory: Capability to perform HTTP POST requests via MCP and execute local scripts.
  - Sanitization: The conversion scripts perform text extraction, scoring, and classification to distill relevant information, reducing the surface area for injection attacks.
Audit Metadata