teach
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process external information from untrusted sources (curated in RESOURCES.md) and user-provided goals to generate educational material. It lacks instructions for boundary markers or content sanitization, which could allow malicious instructions embedded in those resources to influence the agent's behavior during the generation of explainers or learning records.
  - Ingestion points: External data from URLs in RESOURCES.md and user-provided input in MISSION.md.
  - Boundary markers: Absent; the skill does not define delimiters to isolate external content from the agent's internal instructions.
  - Capability inventory: Writing to the local file system (creating HTML explainers and Markdown records) and generating CLI commands.
  - Sanitization: Absent; there are no instructions to validate or escape external data before it is interpolated into prompts or files.
- [COMMAND_EXECUTION]: The skill encourages the agent to provide CLI commands for the user to open or interact with the generated HTML explainers. If the content generation is compromised via indirect prompt injection from a malicious resource, the agent could be manipulated into suggesting dangerous shell commands to the user under the guise of legitimate educational interaction.
Audit Metadata