session-learn
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted session data (user conversations) and persists extracted information into a wiki that the agent likely references in future sessions. This could allow a malicious user to inject persistent instructions or false information into the agent's long-term memory.
- Ingestion points: The entire conversation history and tool execution logs are scanned for knowledge signals (SKILL.md).
- Boundary markers: No explicit delimiters or instructions are used to distinguish untrusted user input from verified knowledge during the extraction process.
- Capability inventory: The skill performs comprehensive file system operations, including creating and modifying files in the wiki/, decisions/, creativity/, and system/ directories.
- Sanitization: The skill performs deduplication but does not mention sanitizing or validating the content extracted from the session.
Audit Metadata