style-learner
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands (
mkdir,cat,ls) to manage user-specific style profiles within a local application directory at~/.xiaodazi/styles/. These operations are limited to a specific data path and are consistent with the skill's stated purpose of style persistence. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted user-provided text samples to generate 'style profiles' which are subsequently injected into the prompt context for future tasks.
- Ingestion points: User text samples and conversation history are read and processed to generate JSON style profiles in
SKILL.md(Phases 1 and 2). - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands mentioned when the extracted style is applied to the generation prompt in Phase 3.
- Capability inventory: The skill performs file system operations including directory creation, file writing, and listing via subprocess calls.
- Sanitization: No evidence of sanitization, filtering, or validation of the extracted style data is provided before it is interpolated into future prompts.
Audit Metadata