continuous-learning
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a 'continuous learning' loop that updates the agent's long-term instructions based on session data, creating an indirect prompt injection surface.
- Ingestion points: Data from the working session (which may include untrusted code or documentation) is captured into the system via `scripts/capture-item.py`.
- Boundary markers: The system lacks technical boundary markers or 'ignore' instructions for the data being captured; it relies on natural language 'gates' described in `SKILL.md` and `references/extraction-patterns.md` to prevent improper promotion.
- Capability inventory: The skill possesses the capability to modify highly sensitive instruction files including `AGENTS.md`, `SOUL.md`, and `PRINCIPLES.md`, which govern the agent's behavior and constraints.
- Sanitization: The scripts (`capture-item.py`, `refresh-learning.py`) perform no content sanitization or validation of the text being promoted into the instruction files, meaning a well-crafted malicious observation could potentially override agent safety rules if promoted.
Audit Metadata