correction-learning

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection as it teaches the agent to treat user input following 'correction patterns' as persistent behavioral rules. Evidence:
      1. Ingestion points: User conversation text containing phrases like 'no I meant' or 'always use' (SKILL.md).
      2. Boundary markers: Absent; the agent is instructed to extract and apply learning immediately.
      3. Capability inventory: Writing learned rules to ~/.claude-dash/learning/corrections.json.
      4. Sanitization: Absent; there are no instructions to verify or filter the user's 'correction' content before storage.
  • [NO_CODE] (SAFE): The skill consists entirely of natural language instructions and does not include any scripts, binaries, or package configuration files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 03:51 PM