Security risk report for @forgecat/garethmanning_education-agent-skills v0.1.4
Source Integrity
Low
Profile is published on a known, legitimate GitHub repository (nota-america/forgecat-agent-profiles) with transparent attribution to Gareth Manning.
All skills reference peer-reviewed educational research (Gibbons, Zwiers, VanLehn, Deci & Ryan, etc.) with proper citations.
No supply-chain poisoning: no typosquatted dependencies, no hidden backdoors, no instructions to install untrusted packages or remote payloads.
Agent Intent
Low
Content describes and teaches evidence-based educational practices (scaffolding, hint design, agency development, AI literacy) — it does not instruct the AI to ignore its instructions, leak system prompts, or exfiltrate data.
Prompts embedded in skill definitions are pedagogical templates designed to guide AI in generating educational content (sentence frames, hint sequences, agency scaffolds), not to manipulate the AI into malicious behaviour.
AI Claim Checker and AI Expertise Interrogation Designer skills explicitly teach critical evaluation of AI output — they strengthen epistemic vigilance rather than weaken it or poison guidance.
Details
Findings
Invisible characters detected
docs/brief.md · SKILL-011
Evidence
Example from ai-claim-checker: 'After any AI-generated explanation, require the learner to identify one place it could be wrong, one thing to check, and one source to consult. Builds epistemic vigilance — treats AI output as a claim to evaluate, not truth to absorb.' — This is defensive, not manipulative.
Example from adaptive-hint-sequence-designer prompt: 'You are an expert in hint sequence design... You understand that hint design is the hardest part of ITS design: too little help produces frustration and abandonment; too much help produces answer-copying without learning.' — This is pedagogically sound guidance, not hidden instruction.
No evidence of role hijacking, credential theft instructions, system prompt leakage requests, or guidance poisoning (e.g., no instructions to weaken security, install backdoors, or systematically steer outputs toward attacker goals).
Permissions
Low
Profile declares no tools, no MCP servers, and no file system, shell, or network access permissions.
Skills are purely generative (produce educational content, prompts, rubrics, scaffolds) — they do not request file mutation, deletion, shell execution, or external network calls.
Authority is minimal and aligned with stated purpose: the AI is asked to generate educational guidance and design learning activities, nothing more.
Details
Evidence
No tool definitions with high-risk categories (shell, file_write, file_delete, web_fetch with alwaysApply=true).
All skills are marked disable-model-invocation=false and user-invocable=true, indicating they are designed for transparent, user-initiated invocation only.
No rules with globs='**' or unrestricted authority.
MCP Risk
Low
No MCP servers are declared in the profile.
No external binary execution, arbitrary network access, or unrestricted filesystem access is requested.
Profile is self-contained: it provides skill definitions and prompts, not server configurations or tool integrations.
Details
Evidence
MCP servers section is empty: '(none)'.
All content is markdown and YAML — no hidden instructions in tool descriptions or server definitions.