lessons-learned
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface through its lesson recall mechanism.
  - Ingestion points: The skill reads data from `docs/lessons/_index.md` and individual markdown files within the `docs/lessons/` directory to guide agent behavior.
  - Boundary markers: The skill instructions do not specify the use of clear delimiters or isolation wrappers (such as XML tags or "ignore embedded instructions" headers) when interpolating lesson content into the agent's primary prompt context.
  - Capability inventory: The skill includes file system read and write capabilities within the repository's `docs/` folder. No network access or arbitrary command execution capabilities were found in the skill's own code.
  - Sanitization: The skill validates metadata structure (dates, scopes, and tags) but does not sanitize the natural language content of the lessons for potentially malicious instructions that could influence the agent's future actions.
Audit Metadata