learn
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs command execution for validation and deployment of new skills.
  - It executes a local validation script located at `skills/learn/scripts/validate_skill.py` using the `uv` runner.
  - It uses shell commands to copy files to the persistent storage at `~/.claude/skills/`, which is necessary for the skill's primary function of cross-session knowledge persistence.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by transforming session data into persistent agent instructions.
  - Ingestion points: Content from the current session, including user workflows and workarounds, is ingested to create new `SKILL.md` files.
  - Boundary markers: The skill provides a structural template for new skills (Phase 4) but does not explicitly instruct the agent to sanitize or ignore potentially malicious instructions embedded in the session data.
  - Capability inventory: The skill uses `Write` to create new skill definitions and allows `Bash(uv run python*)` for generated scripts.
  - Sanitization: There is no explicit sanitization or validation of the session content before it is persisted into the new skill's instructions.
Audit Metadata