learning

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Bash commands to interact with its backends. This includes qmd for local indexing and agent-fs for remote storage. These are functional requirements for the skill's stated purpose of knowledge management.
  • [EXTERNAL_DOWNLOADS]: The skill references two external tools: qmd (github.com/tobi/qmd) and agent-fs (@desplega.ai/agent-fs). Both are well-known or vendor-owned utilities for search and storage. No execution of arbitrary remote scripts was detected.
  • [CREDENTIALS_UNSAFE]: The skill manages an AGENT_FS_API_KEY for remote storage. It correctly instructs the user to provide this via environment variables or manual entry, and stores configuration in a local hidden file (~/.agentic-learnings.json), which is standard practice for CLI-based agent tools.
  • [DATA_EXFILTRATION]: While the skill can send data to a remote backend (agent-fs), this is an opt-in feature configured by the user for 'Shared' learnings. The skill explicitly asks the user for the scope (Personal vs. Shared) before writing to remote storage.
  • [PROMPT_INJECTION]: No malicious prompt injection patterns were found. The instructions focus on structured data capture and routing based on user commands.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided 'insights' and 'topics'. It uses structured frontmatter and markdown templates to isolate this data. The risk is minimized by the fact that the agent is the one formatting the data into local files, and there are no automated execution paths for the content of these learnings.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 10:51 AM