lessons-learned
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill mines session history for lessons to persist, which creates a surface for indirect prompt injection if malicious instructions from the session context are saved to long-term memory.
- Ingestion points: The entire conversation history of the current session.
- Boundary markers: No specific delimiters are defined for content persisted to memory files.
- Capability inventory: Write access to project-specific memory files, the global configuration (~/.claude/CLAUDE.md), and other skill files via a separate skill.
- Sanitization: A human-in-the-loop approval step (Step 4) is mandatory before any content is persisted, effectively mitigating the risk of unintentional malicious injection.
- [NO_CODE]: The skill consists entirely of markdown instructions and documentation; it does not contain any executable scripts, binaries, or automated package installations.
- [SAFE]: The primary purpose of the skill is session persistence, which is managed through explicit user approval and clear quality guidelines.
Audit Metadata