learning
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation and metadata specify the use of the Bash tool to execute local scripts (`evaluate-session.js` and `observe-patterns.js`) for session evaluation and pattern monitoring. These scripts are treated as vendor-owned resources for the author xiaobei930.
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface (Category 8) by extracting patterns from untrusted session data and persisting them into core instruction files like `CLAUDE.md` and `rules/`. Evidence Chain: (1) Ingestion points: Session logs and `observations.jsonl` tool-use records. (2) Boundary markers: Not present in templates. (3) Capability inventory: `Write`, `Edit`, and `Bash` used to update system-level instructions. (4) Sanitization: Relies on `auto_approve: false` configuration for manual review, lacking automated sanitization or filtering.
- [NO_CODE]: The functional logic for the skill's automated hooks resides in external scripts within the `scripts/node/hooks/` directory, which were not provided for analysis.
Audit Metadata