learner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to process untrusted data from the current conversation to generate 'learned skills' which are then saved to the filesystem.
- Ingestion points: The 'current conversation' serves as the primary data source for extraction.
- Boundary markers: No explicit markers or warnings are defined to distinguish between user-provided data and embedded malicious instructions during the extraction phase.
- Capability inventory: The skill involves writing markdown files to local directories (~/.claude/skills/omc-learned/ or .omc/skills/).
- Sanitization: The process lacks automated sanitization or validation of the content being extracted from the conversation before it is persisted.
- [Data Exposure & Exfiltration] (SAFE): The skill references local file paths for storage and encourages the inclusion of error messages and code snippets. However, it does not include any network capabilities to exfiltrate this data.
- [Remote Code Execution] (SAFE): No remote script downloads, package installations, or dynamic execution patterns were detected.
Audit Metadata