self-learning

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE

Finding category: PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface via Self-Modification Loop (Category 8).
  • Ingestion points: scripts/analyze_traces.py ingests untrusted data from markdown trace files located in the directory provided to the --traces argument.
  • Boundary markers: No boundary markers or "ignore instructions" delimiters are used when processing the trace content or when writing the resulting adaptations.
  • Capability inventory: scripts/apply_adaptation.py possesses the capability to modify the agent's primary instruction files (.md) by appending or inserting "Learning Rules" derived from the trace analysis.
  • Sanitization: There is no sanitization or human-in-the-loop validation of the content extracted from traces before it is interpolated into the agent's instruction set. This allows an attacker who can influence trace logs (e.g., by causing specific errors) to persistently alter the agent's system instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:29 PM