compound-learnings

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
Finding: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes content from the .learnings/ directory to guide future agent actions.
  • Ingestion points: The skill explicitly instructs the agent to scan and read markdown files within the .learnings/ directory (SKILL.md, '检索流程' ("retrieval process") section).
  • Boundary markers: The instructions do not define boundary markers or provide warnings to ignore embedded instructions within the retrieved learning files.
  • Capability inventory: The skill uses grep to search for files and recommends presenting summaries of these files into the agent's context. This processed data could influence subsequent tool usage, such as file modifications or command execution.
  • Sanitization: There is no mention of validating or sanitizing the content of the learning files before they are incorporated into the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 11:22 AM