learn
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell-based directory and repository management using commands such as ghq, mkdir, ln, sed, find, and unlink. These are used to maintain a structured learning environment within the ψ/learn/ directory.
- [EXTERNAL_DOWNLOADS]: It clones repositories from external sources using the ghq tool, specifically targeting GitHub. This is the primary function of the skill and targets a well-known service.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of external codebases, which presents an indirect prompt injection surface for the sub-agents analyzing the code.
  - Ingestion points: Source code from external git repositories cloned via ghq as described in SKILL.md.
  - Boundary markers: No specific boundary markers or instructions to ignore embedded directives are provided to the sub-agents to distinguish between code and potential malicious instructions.
  - Capability inventory: The system allows for shell command execution for repository setup, and sub-agents possess file-read and file-write capabilities for documentation generation.
  - Sanitization: Input URLs are parsed for structure, but the content of the cloned codebases is processed without sanitization or validation of the files being read by sub-agents.
Audit Metadata