learnings
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides a shell script in SKILL.md that automates the installation of the `learnings` toolset from the author's Homebrew tap (`tkersey/tap/learnings`) on macOS systems.
- [COMMAND_EXECUTION]: The skill utilizes shell commands to execute the `learnings` and `append_learning` binaries for data persistence and retrieval, and queries the local environment for git state information (e.g., `git status`, `git diff`).
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes and persists observations from tool outputs and agent reasoning into a structured database.
  - Ingestion points: The `--learning` and `--evidence` flags of the `append_learning` command accept strings generated during the agent's execution turn, as defined in the 'Write Procedure' section of SKILL.md.
  - Boundary markers: Shell-level quoting (`"$@"`) is applied to arguments within the helper function, but no high-level delimiters are enforced on the injected learning content itself.
  - Capability inventory: The skill can perform file writes to `.learnings.jsonl` and execute local binaries via the provided shell wrapper.
  - Sanitization: No explicit input sanitization or validation of the learning content is performed within the provided shell wrapper; validation logic is delegated to the compiled binaries.
Audit Metadata