learning-capture
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [No Code] (SAFE): The skill consists of Markdown files providing guidelines and templates. It does not contain or execute any Python, Node.js, or shell scripts.
- [Data Exposure] (SAFE): The skill instructions specify saving draft files to a local directory (/mnt/user-data/outputs/). There is no evidence of attempts to read sensitive system credentials (e.g., .ssh, .aws) or exfiltrate data via network requests.
- [Indirect Prompt Injection] (LOW): The skill's primary function is to 'capture' information from current work sessions. This creates a surface where malicious instructions in a user's data could be drafted into a new skill.
  - Ingestion points: Current conversation history and work session data analyzed by the 'Recognition Framework'.
  - Boundary markers: None explicitly defined in the instructions for separating untrusted data from the draft skill logic.
  - Capability inventory: The skill uses the agent's ability to write files to the local output directory.
  - Sanitization: No automated sanitization is described; however, the 'Capture Process' explicitly mandates user review and a manual UI upload step, which serves as a critical security boundary.
Audit Metadata