cc-skill-continuous-learning
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The script evaluate-session.sh executes standard local commands (mkdir, jq, grep) for directory management and session transcript parsing. Evidence: evaluate-session.sh lines 43-65. These operations are restricted to the local filesystem and do not involve network access.
- [PROMPT_INJECTION] (MEDIUM): The skill facilitates Indirect Prompt Injection (Category 8) by signaling the agent to extract reusable patterns from its own conversation history. 1. Ingestion points: reads from CLAUDE_TRANSCRIPT_PATH (session history). 2. Boundary markers: Absent; no clear delimitation between transcript data and analysis instructions. 3. Capability inventory: The agent is instructed to 'evaluate for extractable patterns' and save them to the filesystem, potentially enabling persistent malicious behaviors. 4. Sanitization: Absent; the system relies on the agent's internal logic to filter malicious instructions during the learning phase.
Audit Metadata