learning-engine

SUSPICIOUS. The core tutoring workflow is broadly aligned with the stated purpose and does not seek secrets or route data to attacker-controlled endpoints, but it expands trust in two notable ways: cloning arbitrary user-supplied GitHub repositories and delegating work to unverified external skills/subagents. Combined with processing untrusted content while retaining file-write capability, this creates medium-to-high security risk from transitive trust and indirect prompt injection rather than confirmed malware.