update-agent-learnings
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses grep to verify the success of file modifications across agent definitions. This is a localized, read-only operation for verification purposes.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it processes session data to update agent definitions.
  - Ingestion point: Extracts learnings from active conversation context.
  - Boundary markers: Mandatory AskUserQuestion gate requires human approval before writing.
  - Capability inventory: Modifies files in .claude/learnings/ and .claude/agents/; executes grep.
  - Sanitization: Content is explicitly presented to the user for validation.
- [DATA_EXFILTRATION]: No network access or external data transmission detected. File operations are restricted to project-local paths.
Audit Metadata