lesson
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted recent conversation context to extract lessons and has the capability to update its own SKILL.md and checklist files. This creates an indirect prompt injection surface where malicious content in a conversation could be persisted into the agent's core instructions or memory.
- Ingestion points: Recent conversation context (specified in SKILL.md).
- Boundary markers: None present to delimit untrusted data from extracted lessons.
- Capability inventory: Updates SKILL.md and other local files, stores to long-term memory via memory_recall.
- Sanitization: No input validation or filtering of conversation content is specified.
Audit Metadata