learning

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE (flags: PROMPT_INJECTION, NO_CODE)
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill creates a mechanism where untrusted user input is converted into persistent behavioral rules.
    1. Ingestion points: User messages interpreted as corrections (e.g., "Don't do X, do Y").
    2. Boundary markers: Absent; the agent is instructed to detect patterns in natural language without specific delimiters or safety instructions.
    3. Capability inventory: The skill defines interfaces for MCP tools but includes no implementation code, subprocess calls, or network operations.
    4. Sanitization: Not specified; the framework relies on human-in-the-loop approval (/learner:approve) to prevent malicious rules from becoming active.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:37 PM