lessons-learned
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest 'lessons' from local markdown files in the docs/lessons/ directory and apply them as active constraints for the agent's behavior. This creates a surface for indirect prompt injection if malicious or conflicting instructions are stored in the lesson cards.
  - Ingestion points: Lessons are loaded from docs/lessons/_index.md and individual card files like docs/lessons/<card-id>.md during the 'Recall Phase'.
  - Boundary markers: The skill lacks explicit instructions for the agent to treat loaded lesson content as untrusted data or to use specific delimiters (e.g., XML tags or clear separators) when integrating these constraints into the prompt.
  - Capability inventory: The skill includes instructions for file system operations (reading and writing files and directories), which are used to maintain the lesson repository.
  - Sanitization: There is no defined process for validating, escaping, or filtering the text within lesson cards before it is used to influence agent decisions.
Audit Metadata