continuous-learning
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `evaluate-session.sh` uses standard system utilities including `mkdir`, `grep`, `cat`, `sed`, and `jq`. These are used to manage local storage in `~/.claude/skills/learned/` and to parse metadata from the session transcript. These operations are conducted within the user's local environment with appropriate quoting to ensure safety.
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection because it processes session transcripts, which contain untrusted user-controlled content, to extract reusable patterns.
  - Ingestion points: The `evaluate-session.sh` script accesses the session transcript through the `transcript_path` provided by the agent hook.
  - Boundary markers: There are no explicit delimiters or 'ignore embedded instructions' markers used when the script prepares the session for evaluation.
  - Capability inventory: The script can create directories and read files. The broader skill intent facilitates the agent writing new logic (learned skills) to the local file system based on the contents of the transcript.
  - Sanitization: No sanitization or validation of the transcript content is performed by the shell script, as it focuses on evaluating metadata (session length) before triggering the agent's internal learning process.
Audit Metadata