ai-learnt
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface
- Ingestion points: The skill processes the current conversation history, which may include untrusted data from user inputs, file content, or tool outputs (SKILL.md).
- Boundary markers: No boundary markers or specific instructions are provided to distinguish between legitimate user feedback and malicious instructions embedded in the source text.
- Capability inventory: The skill possesses file-write capabilities targeting global configuration files (~/.claude/skills/), project configuration (CLAUDE.md), and project-specific memory files (SKILL.md).
- Sanitization: There are no instructions for sanitizing or validating the extracted 'lessons' against safety protocols before they are written to persistent storage.
Audit Metadata