continuous-learning
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted session transcripts to generate new agent behaviors. Malicious instructions in the conversation could be 'learned' and saved as a persistent skill.
  - Ingestion points: The skill reads session conversation history from the path specified in `CLAUDE_TRANSCRIPT_PATH` (SKILL.md).
  - Boundary markers: None mentioned. The skill lacks delimiters or logic to distinguish between legitimate user patterns and adversarial instructions embedded in the transcript.
  - Capability inventory: The skill has the ability to write new skill directories and `SKILL.md` files to the filesystem in `~/.claude/skills/learned/` (SKILL.md, config.json).
  - Sanitization: None identified. There is no evidence that the extracted content is validated or sanitized for safety before being written to the skill directory.
- [COMMAND_EXECUTION]: The skill performs filesystem write operations to create persistent storage for learned patterns. By saving content to the agent's skill directory (`~/.claude/skills/learned/`), it provides a mechanism for untrusted data to become a permanent part of the agent's executable instructions and capabilities across future sessions.
Audit Metadata