curator-repo-learn

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform repository cloning and execute local management scripts such as .claude/scripts/curator-learn.sh, curator-ingest.sh, and backfill-domains.sh.
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from arbitrary GitHub repositories using git clone for the purpose of analysis and knowledge extraction.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted code from external repositories to generate rules that update the agent's procedural memory in .claude/rules/learned/.
  • Ingestion points: Source code, configuration, and documentation files within external repositories cloned to the .claude/corpus/learning/ directory.
  • Boundary markers: The prompt provided to the analysis subagent (ralph-researcher) lacks clear delimiters or explicit instructions to disregard embedded commands or adversarial instructions within the source material.
  • Capability inventory: The skill has access to Bash (command execution), Write (modifying local rules and manifests), and Task (spawning autonomous subagents).
  • Sanitization: While the skill includes a URL validation step, there is no evidence of sanitizing or filtering the content of the repository files before they are analyzed to create new behavioral rules.
Audit Metadata
Risk Level
SAFE
Analyzed
May 3, 2026, 11:06 AM