cc-skill-continuous-learning
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The evaluate-session.sh script executes shell commands including grep, jq, mkdir, and sed. These are used to parse the local config.json file, count user messages in the transcript, and manage directory structures for learned skills.
- [DATA_EXFILTRATION]: The script accesses the CLAUDE_TRANSCRIPT_PATH environment variable to read the session conversation history. While the script currently uses this data only to count user messages, access to session transcripts constitutes exposure of sensitive interaction history.
- [PROMPT_INJECTION]: The skill facilitates 'Continuous Learning' by prompting the agent to analyze previous conversation transcripts. This creates an Indirect Prompt Injection surface (Category 8). Malicious instructions within a transcript could potentially trick the agent into generating harmful 'learned skills' or performing unauthorized actions during the pattern extraction phase.
- Ingestion points: The evaluate-session.sh script identifying the CLAUDE_TRANSCRIPT_PATH for analysis.
- Boundary markers: No explicit markers or safety instructions are present to help the agent distinguish between data and embedded instructions within the transcript.
- Capability inventory: The skill is designed to write new instruction files to the ~/.claude/skills/learned/ directory.
- Sanitization: No sanitization or filtering of transcript content is performed before the agent processes it.
Audit Metadata