cc-skill-continuous-learning
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted session transcripts to identify patterns, creating a surface for indirect prompt injection.\n
- Ingestion points: Reads from
CLAUDE_TRANSCRIPT_PATHinevaluate-session.sh.\n - Boundary markers: No delimiters or safety instructions are used when signaling the agent to evaluate patterns.\n
- Capability inventory: Executes
grep,jq, andmkdir. No sensitive write or remote execution capabilities identified.\n - Sanitization: Transcript content is not sanitized or escaped.\n- [DATA_EXFILTRATION]: The skill reads from
CLAUDE_TRANSCRIPT_PATH, which contains sensitive interaction logs. This access is necessary for session evaluation, and no network exfiltration was detected.\n- [COMMAND_EXECUTION]: The skill executes shell commands (grep,jq,mkdir) to process configuration and transcript data. These operations are performed locally using standard utilities.
Audit Metadata