learning-docs
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses local shell utilities (jq, grep, ls, sort, uniq) to analyze session history logs stored in ~/.claude/projects/.\n- [COMMAND_EXECUTION]: Invokes a local Obsidian CLI command to append project patterns and findings to an external note-taking application.\n- [PROMPT_INJECTION]: Ingests potentially untrusted data from git logs and previous session history, creating a surface for indirect prompt injection.\n
- Ingestion points: Reads data from git history, the LEARNING.md file, and session JSON files.\n
- Boundary markers: No specific delimiters or instructions are used to sanitize or isolate content from these sources.\n
- Capability inventory: Capable of writing to project files and executing local shell commands.\n
- Sanitization: No validation or escaping is applied to ingested strings before they are utilized in documentation or shell operations.
Audit Metadata