skill-knowledge-work
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is primarily instructional, guiding the agent on how to manage different workflow contexts (Dev vs. Knowledge). It does not contain any malicious patterns or dangerous command execution.
- [DATA_EXPOSURE]: The skill utilizes a local directory (.claude-octopus/learnings/) to store and retrieve session summaries in JSON format. This is an application-specific persistence mechanism and does not target sensitive system files or credentials.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by reading previously stored learning files into the current context.
- Ingestion points: Reads files from the .claude-octopus/learnings/ directory.
- Boundary markers: Not explicitly defined in the skill documentation.
- Capability inventory: The skill describes capabilities for research, document building, and review workflows.
- Sanitization: No specific sanitization or validation of the JSON content is mentioned beyond the specified schema. However, as this data is generated by the agent itself in prior sessions, the risk is minimal in standard operation.
Audit Metadata