learn-define-patterns
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted data from past session transcripts. 1. Ingestion points: Reads session transcripts from ~/.claude/projects/ as defined in SKILL.md. 2. Boundary markers: No explicit delimiters or boundary markers are defined to isolate untrusted session content during analysis. 3. Capability inventory: The skill can write to CLAUDE.md and ~/.claude/CLAUDE.md, influencing future agent behavior. 4. Sanitization: No content sanitization or instruction filtering is performed on the ingested session transcripts.
- [COMMAND_EXECUTION]: The skill accesses the internal ~/.claude/ directory to read session history and writes to CLAUDE.md configuration files. This directory contains sensitive user data and configuration that controls agent behavior. Modifying these files constitutes a persistence mechanism that alters the agent's long-term instructions.
Audit Metadata