learn-from-this
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests the current session's history (untrusted data) to generate new skill files. An attacker could intentionally manipulate the interaction to trick the agent into drafting a skill that contains malicious instructions or deceptive metadata.
  - Ingestion points: Conversation history and failure logs analyzed in 'Step 1: Identify The Failure'.
  - Boundary markers: Absent; the skill does not use specific delimiters or instructions to ignore embedded commands in the analyzed history.
  - Capability inventory: Access to `file: write` for creating new skill files and `bash` (grep, ls, cat) for library management.
  - Sanitization: Absent; the skill does not appear to sanitize or escape content before interpolating it into the markdown template for new skills.
- [COMMAND_EXECUTION] (SAFE): The skill uses `bash` and `file` tools for standard maintenance tasks. No evidence of shell injection or privilege escalation was found in the static instructions.
- [DYNAMIC_EXECUTION] (LOW): The skill performs automated script generation (Category 10) by writing new markdown-based skills to the library. While this is a form of self-modification, it follows a fixed template and is intended for the primary purpose of the skill.
Audit Metadata