learn-learnt
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill extracts session lessons and saves them to global and project-specific configuration files, which is a surface for indirect prompt injection (or behavior poisoning) if an attacker can influence the conversation to inject malicious instructions.
- Ingestion points: Processes conversation history, user corrections, and validated patterns as the source for new rules.
- Boundary markers: Absent; there are no specific markers or instructions to isolate the extracted content or explicitly warn the agent about ignoring embedded commands.
- Capability inventory: The skill utilizes file-writing capabilities to modify ~/.agents/skills/, AGENTS.md, and project memory files.
- Sanitization: Absent; the skill does not specify any validation or sanitization logic for the extracted information before writing it to the configuration files.
Audit Metadata