continual-learning
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses local file system paths containing sensitive user interaction data. It reads from ~/.cursor/projects/<workspace-slug>/agent-transcripts/, which contains histories of past conversations that may include sensitive project or personal information.
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface detected. The skill processes untrusted historical chat data to generate long-term memory in AGENTS.md.
  - Ingestion points: Conversation logs located in ~/.cursor/projects/<workspace-slug>/agent-transcripts/.
  - Boundary markers: Absent. The skill does not define specific delimiters or instructions to prevent extracted text from being interpreted as instructions by the agent in future sessions.
  - Capability inventory: The skill has capabilities to read and write files locally, including the persistent memory file AGENTS.md.
  - Sanitization: While the skill provides high-level instructions to exclude secrets and sensitive data, it lacks structural sanitization or escaping to prevent the promotion of malicious instructions from transcripts into persistent memory.
Audit Metadata