learn
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill primarily facilitates project documentation and configuration management. Analysis of SKILL.md and associated benchmark files shows that its operations (reading campaign files, writing to knowledge bases, and updating local agent configuration) are confined to the current project environment and align with its stated purpose of performance extraction.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it reads project files (campaigns, postmortems, and telemetry logs) that could contain user-influenced content and uses them to generate quality rules that affect future agent behavior.
- Ingestion points: The skill reads content from
.planning/campaigns/,.planning/postmortems/, and.planning/telemetry/audit.jsonl(SKILL.md, Step 2). - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are specified for the extraction process.
- Capability inventory: The skill has file-write permissions for
.planning/knowledge/and the ability to append regex-based rules to.claude/harness.json(SKILL.md, Step 4 and 5). - Sanitization: No explicit validation or sanitization is performed on the extracted patterns or regex candidates before they are committed to the configuration file.
Audit Metadata