learn-add
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by integrating unsanitized user content into documentation.
  - Ingestion points: The skill reads user-provided arguments ($ARGUMENTS) and existing .learn.md files.
  - Boundary markers: No delimiters or safety instructions are used when appending new lessons to files.
  - Capability inventory: The skill possesses file-writing (Write), configuration-editing (Edit), and git-execution (Bash) capabilities.
  - Sanitization: Input text for lessons is not validated or escaped before being written to disk.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute scoped git operations ('git add' and 'git commit') for maintaining version history.
- [COMMAND_EXECUTION]: The skill requests access to the Edit tool for 'jaan-to/config/settings.yaml' in its metadata. This grants the capability to modify the plugin's own configuration settings, which is not required by the logic described in the phases.