improve-agent

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains references to 'ignore previous instructions' and 'adversarial probes.' These are meta-level instructions describing failure modes the skill is designed to detect and remediate in other agents, rather than attempts to subvert the operating agent's own safety protocols.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands such as curl, docker logs, and docker exec to communicate with and inspect a local development server at localhost:8000. These commands are used to execute tests and monitor the behavior of local agent containers, which is appropriate for its stated purpose as a coding-agent workflow.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests the contents of target agent files to understand their intended behavior, which creates an attack surface for indirect prompt injection.
  • Ingestion points: Reading docstrings and INSTRUCTIONS variables from agents/<slug>.py files.
  • Boundary markers: None explicitly defined to isolate the target code from the skill's operational logic.
  • Capability inventory: Extensive capabilities including shell access (via docker and curl) and the ability to modify local source code files.
  • Sanitization: No specific sanitization or filtering of the ingested source code is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 01:03 PM
Security Audit — agent-trust-hub — improve-agent