ship-learn-next
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8). Evidence: 1. Ingestion points: Untrusted data enters via the Read tool (SKILL.md Step 1). 2. Boundary markers: Absent; there are no instructions for the agent to treat the content as data only or to ignore embedded instructions. 3. Capability inventory: The skill uses Read and Write tools, providing the agent with the ability to interact with the filesystem. 4. Sanitization: Content is processed directly for lesson extraction without filtering.
- [COMMAND_EXECUTION] (LOW): The skill uses the Read tool on user-specified paths. While part of the feature set, this presents a risk if an attacker uses indirect prompt injection to trick the agent into reading sensitive files like ~/.ssh/id_rsa or .env files.
Recommendations
- AI detected serious security threats
Audit Metadata