update-agent-learnings
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes session data to extract learnings, creating a surface for indirect prompt injection into persistent configuration files.\n
- Ingestion points: Current session conversation history.\n
- Boundary markers: The skill includes a mandatory user confirmation gate via the
AskUserQuestiontool before any file updates are executed.\n - Capability inventory: Read and write access to agent definition files in
.claude/agents/*.mdand the central learnings file.claude/learnings/agent-learnings.md.\n - Sanitization: Relies on human-in-the-loop verification to validate extracted learnings before they are persisted.\n- [COMMAND_EXECUTION]: The skill performs internal state verification using standard shell commands.\n
- Evidence: The skill uses
grep -l "^## Learnings" .claude/agents/*.md | wc -lto verify the state of agent definition files within the local project directory.
Audit Metadata