Skills
skills/featbit/featbit-release-decision-agent/learning-capture/Gen Agent Trust Hub

learning-capture

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from an external source (project database via project-sync) into the agent context, which presents a surface for indirect prompt injection if those fields contain malicious instructions.
  • Ingestion points: Data is read from hypothesis, primaryMetric, experiments, and lastLearning fields via the get-project command.
  • Boundary markers: Absent. The instructions do not specify using delimiters or 'ignore' instructions when reading this data.
  • Capability inventory: The skill can write to the filesystem (artifacts/learning-[date].md) and execute state-modifying commands via project-sync (update-state, upsert-experiment, add-activity).
  • Sanitization: No explicit sanitization or validation of the retrieved database content is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 12:28 PM