learn
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it extracts and persists 'learnings' from untrusted conversation data.
  - Ingestion points: Extracts information from the 'current session' (conversation history).
  - Boundary markers: Missing clear delimiters to separate user data from instructions.
  - Capability inventory: Persists data to a 'learnings log' and modifies other skills, which may lead to persistent instruction overrides.
  - Sanitization: No evidence of input validation or instruction filtering before data is saved.
- [NO_CODE]: This skill contains no executable code or scripts, relying solely on markdown-based instructions for the agent.