continuous-learning-v2
Warn
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill defines a system for extracting 'patterns' from session data and promoting them to 'durable skills'.
  - Ingestion points: The skill ingests untrusted data from 'completed sessions' and 'significant features/fixes' (SKILL.md).
  - Boundary markers: No delimiters or isolation techniques are used to prevent instructions within the processed data from being interpreted as the 'pattern' to be learned.
  - Capability inventory: The agent has the capability to 'evolve' patterns into skills, which involves writing new instruction files to the local file system.
  - Sanitization: There is no evidence of sanitization or validation of the extracted patterns before they are promoted to durable instructions.
- [COMMAND_EXECUTION]: The process of 'Evolution into skills' involves the dynamic generation of new instruction and potentially script files. Since skills often contain shell commands or executable blocks, generating them from unverified session data constitutes a risk of runtime code generation and subsequent execution.