learning-loop

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to emit events and collect metrics. It calls python3 context/kernel.py and a script at ${CLAUDE_PLUGIN_ROOT}/hooks/scripts/post_run_metrics.py. These executions depend on the presence of a specific project structure and environment variables.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes external data which could contain malicious instructions.
      ◦ Ingestion points: The agent is instructed to read local orientation documents, primers, and context snapshots (Phase I in SKILL.md).
      ◦ Boundary markers: The instructions lack delimiters or warnings to ignore instructions found within the ingested data.
      ◦ Capability inventory: The skill uses Bash, Read, and Write tools, and can execute Python scripts.
      ◦ Sanitization: No validation or sanitization is performed on the content retrieved from the external files before it is processed.
  • [EXTERNAL_DOWNLOADS]: The requirements.txt file contains a relative path (../../requirements.txt) instead of a list of packages. This creates a dependency on a file located two levels above the skill directory, which may lead to installing unexpected or unverified packages depending on where the skill is deployed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 6, 2026, 08:22 PM
Security Audit — agent-trust-hub — learning-loop