continuous-learning
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest data from user development sessions to generate instructions and cluster them into new skills.
  - Ingestion points: Development session context and coding patterns extracted via 'PreCompact' and 'Stop' hooks as mentioned in SKILL.md.
  - Boundary markers: Absent; no mention of delimiters or instructions to ignore embedded code-level injections during pattern extraction.
  - Capability inventory: File-write operations to .claude/instincts/ and logic for skill generation/evolution.
  - Sanitization: Absent; the documentation does not describe any validation or escaping of extracted patterns before they are used to 'evolve' into skills.
- Data Exposure (LOW): The skill automates the extraction and local storage of development patterns to .claude/instincts/. While no network exfiltration is hardcoded, the /instinct-export command provides a mechanism for sharing potentially proprietary or sensitive architectural decisions.
- No Code (SAFE): The provided skill consists solely of markdown documentation and YAML frontmatter. No executable scripts, binaries, or configuration files were included for analysis.
Audit Metadata