continuous-learning
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard, read-only version control commands such as `git log` to extract project history and developer patterns for contextual awareness. It also references `docker compose` as an example of a project-specific command used for testing environments.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by instructing the agent to adopt rules and patterns found in project-controlled data such as `CLAUDE.md` and commit messages.
  - Ingestion points: Actively reads project configuration files, git logs, and the `CLAUDE.md` knowledge repository.
  - Boundary markers: No specific delimiters or safety warnings are provided to prevent the agent from obeying malicious instructions embedded in commit messages or project documentation.
  - Capability inventory: The agent can read project files, write to `CLAUDE.md`, and execute shell commands for history inspection and environment management.
  - Sanitization: The skill does not specify any sanitization or validation logic for instructions discovered within the project context.
Audit Metadata