codify-learning

Warn

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: MEDIUM | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill identifies 'learnings' from untrusted session data such as PR feedback and errors, instructing the agent to codify them into the project configuration. This creates an attack surface where malicious input in a PR or error log could trick the agent into writing unsafe rules or configurations.
      • Ingestion points: Session history, PR comments, and debugging logs.
      • Boundary markers: None; the 'Default codify' policy encourages immediate adoption.
      • Capability inventory: Read and write access to project files including settings.json and CLAUDE.md.
      • Sanitization: None provided.
  • Persistence Mechanisms (MEDIUM): The skill explicitly directs the agent to modify 'Hooks' and 'settings.json'. In development environments, hooks (like git hooks) are executable scripts. Modifying these allows the agent to establish persistence or execute arbitrary commands automatically during the developer's normal workflow.
  • Dynamic Execution (MEDIUM): The 'codification' process involves generating and writing logic to configuration or executable files at runtime based on the current session context, which constitutes dynamic script generation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 22, 2026, 04:54 AM