continuous-learning

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill creates a self-reinforcing feedback loop that can be poisoned by untrusted data.
  • Ingestion points: Scans file diffs, code content, and session logs for pattern extraction (SKILL.md).
  • Boundary markers: Absent. There are no delimiters or 'ignore embedded instructions' warnings for processed code.
  • Capability inventory: Writes to 'knowledge/' directory and project memory files like 'CLAUDE.md'. High-confidence patterns (>0.85) are automatically integrated into the main instructions section, effectively allowing external data to redefine the agent's system prompt.
  • Sanitization: None. The skill directly interpolates extracted 'lessons' and 'observations' into markdown files used for agent guidance.
  • [Persistence Mechanisms] (MEDIUM): While not modifying shell profiles, the skill establishes a form of logic persistence by writing behaviors and constraints into long-term project configuration files that influence all future sessions with the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 12:20 PM