learning-capture
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The skill extracts workflows and domain knowledge from conversation history to generate new AI instructions, potentially allowing adversarial patterns to be formalized into future sessions.
  - Ingestion points: Conversation history and user interactions (SKILL.md, Step 1).
  - Boundary markers: Absent; no delimiters are used to isolate untrusted data during the capture process.
  - Capability inventory: File system write access to /mnt/user-data/outputs/ (SKILL.md, Step 4).
  - Sanitization: Absent; the skill relies on a mandatory human review and upload step as the primary security control (SKILL.md, Step 5).
Audit Metadata