capture-learning
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/capture-learning.tsexecutesgit rev-parse --show-toplevelto identify the project root for local file storage. This is a standard and safe operation. - [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface (Category 8) by recording narrative text that influences future agent sessions. 1. Ingestion points: Narrative data is accepted from agent/user input in
scripts/capture-learning.ts. 2. Boundary markers: Structured with Markdown headers but lacks specific instructions for the agent to ignore embedded commands. 3. Capability inventory: Writes persistent learning logs to.claude/learnings/which are explicitly intended for later retrieval. 4. Sanitization: Uses asanitizehelper to escape Markdown characters in the global pattern log, which mitigates basic formatting-based injection attacks.
Audit Metadata