exampass

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS · COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The /exampass update command instructions in SKILL.md direct the agent to fetch code updates from the author's repository at https://github.com/WUBING2023/ExamPass-Assistant.git and install Python packages from requirements.txt using pip.
  • [COMMAND_EXECUTION]: The skill's update mechanism involves the execution of multiple shell commands, including git fetch, git pull, and pip install, to manage the skill's environment and source code.
  • [PROMPT_INJECTION]: The skill extracts text from user-provided PPTX, DOCX, and PDF files and processes it through specialized AI sub-agents, creating an indirect prompt injection surface.
      ◦ Ingestion points: Text is extracted in scripts/extractor.py and scripts/run_exampass.py from external documents.
      ◦ Boundary markers: Analysis of the sub-agent prompts in agents/skeleton-agent.md, agents/notes-agent.md, and agents/item-agent.md shows an absence of delimiters or specific instructions to disregard malicious commands embedded in the source text.
      ◦ Capability inventory: The skill utilizes scripts/template_engine.py to write generated HTML files and scripts/run_exampass.py to save intermediate data to the filesystem.
      ◦ Sanitization: Extracted content is interpolated directly into agent prompts without sanitization or filtering to prevent instruction override.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 16, 2026, 02:06 PM