continuous-learning
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill creates a significant attack surface for Indirect Prompt Injection by synthesizing and saving new instruction sets (skills) from untrusted data sources.
- Ingestion points: Conversation history, task context, and results from
WebSearchare used to generate skill content. - Boundary markers: The system lacks structural delimiters to prevent embedded instructions in processed data from influencing the generated skill logic.
- Capability inventory: The skill uses high-privilege tools like
Write,Edit, andSkillto persist and load new instructions. - Sanitization: Relies on behavioral instructions for the AI rather than technical filtering of generated markdown/YAML.
- [COMMAND_EXECUTION]: Installation requires the user to execute local shell commands and configure a persistent terminal hook script (
continuous-learning-activator.sh). While the provided script is informational, the use of execution hooks for external scripts introduces a path for local code execution. - [EXTERNAL_DOWNLOADS]: The README directs users to download the skill from an external repository (
github.com/blader/claude-code-continuous-learning-skill.git). This repository owner does not match the provided author context ('ckorhonen'), which is a metadata discrepancy.
Audit Metadata