continuous-learning
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (HIGH): The skill implements a feedback loop that processes untrusted session data into permanent agent instructions.
- Ingestion points: Reads session history via the CLAUDE_TRANSCRIPT_PATH environment variable in
evaluate-session.sh. - Boundary markers: None; there are no delimiters or logic to distinguish between user intent and data content.
- Capability inventory: The skill is designed to write new executable or instructional files to the local filesystem (e.g.,
~/.claude/skills/learned/). - Sanitization: Absent; the script triggers the 'learning' process based solely on the number of messages in a session.
- Ingestion points: Reads session history via the CLAUDE_TRANSCRIPT_PATH environment variable in
- [Command Execution] (MEDIUM): The
evaluate-session.shscript executes shell commands and filesystem operations (mkdir) using paths derived fromconfig.json, which could be used for directory traversal or path manipulation if the configuration is altered.
Recommendations
- AI detected serious security threats
Audit Metadata