Oathe Security Badge

Is ChantillyAn/homework-grader safe?

https://github.com/ChantillyAn/homework-grader

86
SAFE

This is a comprehensive AI-powered homework grading system that appears legitimate and well-designed for educational use. The main security considerations stem from its core functionality of processing user content through LLM systems, not from any malicious intent. The skill demonstrates good security awareness, with documented safeguards for handling untrusted content.

Category Scores

Prompt Injection 70/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (4)

MEDIUM User content processed in LLM prompts -30

The skill processes user-provided rubric YAML files and student submissions through LLM scoring prompts. While the documentation describes proper handling of untrusted content with XML boundaries and structured output, there remains a risk of prompt manipulation through crafted rubric definitions or student submissions.

LOW Python scripts present in skill -15

The skill contains multiple Python scripts for grading functionality, including batch_score.py, stats.py, calibrate.py, preprocess.py, and export_excel.py. These appear to be legitimate components of the grading system, but they are executable code.

LOW Academic data processing risks -15

The skill's core function involves processing student submissions and academic content through AI systems, which inherently carries privacy and data-handling risks. However, the system shows good awareness of these concerns, with anonymization features and quality control measures.

INFO Clean network behavior -5

Network monitoring shows only legitimate connections to GitHub for cloning and standard DNS resolution. No unexpected external communications or data exfiltration attempts detected.