teach
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it is designed to read and process multiple files from the local workspace that could contain adversarial instructions. 1. Ingestion points: MISSION.md, RESOURCES.md, and files within the learning-records and reference directories. 2. Boundary markers: Absent; the instructions do not define delimiters to separate content from instructions. 3. Capability inventory: The agent is authorized to read and write workspace files and execute shell commands. 4. Sanitization: No content validation or sanitization is mentioned for ingested data.
- [COMMAND_EXECUTION]: The skill instructions specify that the agent should 'open the lesson file for the user by running a CLI command,' which involves model-driven shell command execution.
Audit Metadata