retrospective
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Category: PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to summarize session history and outcomes, which are inherently untrusted if the task involved processing external content (e.g., error logs from an external site, code reviews).
- Ingestion points: Multi-step implementation logs, debugging session context, and task history (File: SKILL.md).
- Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands within the session data.
- Capability inventory: Uses file: write and invokes learn-from-this to generate new skills (File: SKILL.md).
- Sanitization: Absent. The skill directly translates perceived patterns and insights from the session into persistent artifacts.
- Risk: An attacker could embed instructions in a 'failed' code attempt or a 'debug log' that the agent then 'learns' and incorporates into a permanent skill or backdoored documentation.
Recommendations
- AI detected serious security threats
Audit Metadata