learning
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWSAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses an attack surface for indirect prompt injection by processing and persisting untrusted user data.
- Ingestion points: Processes user-provided themes, concepts, and study notes through
memory_searchandmemory_saveoperations. - Boundary markers: No explicit delimiters or boundary markers are used to separate user-provided content from instructions in the memory or file storage templates.
- Capability inventory: The skill is capable of searching and saving to memory, and writing notes to the local filesystem at
data/notes/. - Sanitization: There is no evidence of sanitization or filtering for content stored in memory or notes.
- Data Storage (INFO): The skill explicitly defines storage for learning records at
data/notes/. This is a legitimate functional behavior for a knowledge management tool but should be monitored for sensitive data accumulation.
Audit Metadata