learn
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to capture 'non-obvious' configurations and environment variables, specifically referencing agent_docs/ENVIRONMENT_VARIABLES.md. This could lead to the exposure of sensitive credentials or internal system details if they are documented in that location.
- [PROMPT_INJECTION]: The 'learning' mechanism creates a persistent feedback loop where session data is written into AGENTS.md files, which act as instructions for future agent sessions. This is vulnerable to indirect prompt injection if untrusted input is summarized as a 'learning' and persisted as a future behavioral constraint.
  - Ingestion points: Session-derived insights derived from arbitrary tasks and potentially untrusted tool outputs.
  - Boundary markers: None. The instructions do not specify the use of delimiters or instructions to ignore embedded commands in the captured content.
  - Capability inventory: File writing capabilities to root-level and skill-specific AGENTS.md files and agent_docs/LESSONS.md.
  - Sanitization: None. The instructions lack guidance on sanitizing the captured insights before persisting them.
- [COMMAND_EXECUTION]: The skill requires the agent to perform file system write operations to update AGENTS.md and LESSONS.md files.
Audit Metadata