skills/sebas-aikon-intelligence/antigravity-awesome-skills/cc-skill-continuous-learning/Gen Agent Trust Hub
cc-skill-continuous-learning
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill creates a high-risk loop by having the agent analyze session transcripts to 'learn' new patterns.
- Ingestion Point:
evaluate-session.shaccessesCLAUDE_TRANSCRIPT_PATH, which contains the full history of the current session including untrusted data from web pages, files, or user input. - Capability Inventory: The skill triggers the agent to evaluate patterns and save them to
~/.claude/skills/learned/. This effectively allows untrusted data to influence the creation of new persistent executable skills or system instructions. - Boundary Markers: None. The transcript is processed as raw session data.
- Sanitization: None detected. The agent is simply instructed to 'evaluate for extractable patterns'.
- [Persistence] (MEDIUM): The skill's documentation (in
evaluate-session.sh) instructs users to modify~/.claude/settings.jsonto establish a 'Stop' hook. This ensures the script executes automatically at the end of every session, creating a persistence mechanism for the learning logic. - [Command Execution] (LOW): The skill relies on a local bash script (
evaluate-session.sh) and thejqutility to process session data. While standard for this type of tool, it executes local logic based on environment variables and local configuration files.
Recommendations
- AI detected serious security threats
Audit Metadata