learn
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, such as prompt injection, obfuscation, or unauthorized data exfiltration, were detected. The skill follows established patterns for project analysis and documentation.
- [DATA_EXPOSURE]: The skill reads project-level metadata (e.g., package.json, README) and source code. This data access is localized to the current project and does not target sensitive system paths like SSH keys or cloud credentials.
- [COMMAND_EXECUTION]: The skill uses tools to inspect the project structure and git history, which is expected for its intended functionality of project deep-diving.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data by reading project files which could contain malicious instructions. Ingestion points: Reads files like README and source code during exploration. Boundary markers: None explicitly defined. Capability inventory: Performs file-read, file-write to 'tmp/learn.md', and calls the '/infographic' tool. Sanitization: None explicitly defined in the prompt instructions.
Audit Metadata