continual-learning

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill implements an automated learning mechanism that mines current conversation history to update a persistent memory file (AGENTS.md). Since it ingests untrusted data from the session without explicit boundary markers, it presents an indirect prompt injection surface where malicious preferences could potentially be stored. Mitigation is handled via LLM instructions in SKILL.md. Evidence: Ingestion points: session history (SKILL.md); Boundary markers: absent; Capability inventory: fs.writeFileSync (plugin.ts); Sanitization: LLM exclusion instructions (SKILL.md).
  • [COMMAND_EXECUTION]: The plugin performs local file system operations using the Node.js fs module to manage state files, the skill definition, and the memory file. These operations are limited to the local project workspace and are essential for the plugin's functionality.
  • [DATA_EXFILTRATION]: The skill extracts information from the conversation and writes it to a local file. No network operations or external data transmission patterns were found.
  • [EXTERNAL_DOWNLOADS]: The plugin utilizes dependencies from the @opencode-ai organization, which is the well-known provider of the targeted platform.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 05:16 AM