Skills
skills/vibeeval/vibecosystem/continuous-learning/Gen Agent Trust Hub

continuous-learning

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The shell script evaluate-session.sh executes standard system utilities including mkdir, grep, and jq to manage local directories and verify session metadata.- [PROMPT_INJECTION]: The skill's primary function is to process session transcripts to extract 'learned skills', which creates a surface for indirect prompt injection.
  • Ingestion points: evaluate-session.sh reads session transcripts from the path provided in the CLAUDE_TRANSCRIPT_PATH environment variable.
  • Boundary markers: Absent; the skill does not use delimiters or explicit instructions to ignore potentially malicious content within the session transcript.
  • Capability inventory: The skill can write to the local filesystem (mkdir) and has read access to environment variables.
  • Sanitization: No sanitization or validation of the transcript content is performed before the agent is signaled to evaluate it for pattern extraction.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 23, 2026, 09:03 AM
Security Audit — agent-trust-hub — continuous-learning