glossary-generator

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill performs legitimate educational content generation tasks using local documentation files. It does not engage in network activity or handle sensitive credentials.\n- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes external documentation files to generate its output.\n
  • Ingestion points: Reads files from docs/learning-graph/02-concept-list-v1.md, docs/course-description.md, and recursively through /docs/**/*.md (SKILL.md).\n
  • Boundary markers: Absent. The instructions do not specify the use of delimiters or warnings to ignore instructions within the processed data.\n
  • Capability inventory: Limited to reading and writing local documentation files (e.g., docs/glossary.md, mkdocs.yml) and creating JSON indices. No tools for network access, subprocess execution, or dynamic code evaluation are utilized.\n
  • Sanitization: Absent. Input text from markdown files is interpolated directly into prompts for definition generation without filtering.\n
  • This surface is assessed as safe because the skill lacks the high-privilege capabilities necessary for impactful exploitation of injected instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 12:37 AM
Security Audit — agent-trust-hub — glossary-generator