money-learn
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill architecture creates a persistent memory system that auto-loads data from a local file (
learnings.jsonl) into the prompt context of multiple other skills. While this is the intended purpose, it establishes an indirect prompt injection surface. - Ingestion points: Data enters the agent context from the file located at
~/.smtm/projects/{slug}/learnings.jsonl(found in SKILL.md). - Boundary markers: The instructions do not specify the use of delimiters (e.g., XML tags or backticks) or 'ignore embedded instructions' warnings when auto-loading learnings into other skills' preambles.
- Capability inventory: The skill suite is designed to perform file read and write operations on the local file system.
- Sanitization: There are no explicit instructions to sanitize or validate the content of the 'pattern' or 'evidence' fields before they are injected into the agent's reasoning chain.
- [DATA_EXFILTRATION]: The skill manages application data within the user's home directory.
- Evidence: Interacts with paths matching
~/.smtm/projects/{slug}/learnings.jsonl(found in SKILL.md). - Analysis: The use of a dynamic
{slug}variable in file paths is for project organization. While theoretically a surface for path traversal if handled incorrectly by the agent, it is used here as a standard organizational pattern for the tool's own data and does not target known sensitive system files.
Audit Metadata