improve-agent
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains references to 'ignore previous instructions' and 'adversarial probes.' These are meta-level instructions describing failure modes the skill is designed to detect and remediate in other agents, rather than attempts to subvert the operating agent's own safety protocols.
- [COMMAND_EXECUTION]: The skill utilizes shell commands such as
curl,docker logs, anddocker execto communicate with and inspect a local development server atlocalhost:8000. These commands are used to execute tests and monitor the behavior of local agent containers, which is appropriate for its stated purpose as a coding-agent workflow. - [INDIRECT_PROMPT_INJECTION]: The skill ingests the contents of target agent files to understand their intended behavior, which creates an attack surface for indirect prompt injection.
- Ingestion points: Reading docstrings and
INSTRUCTIONSvariables fromagents/<slug>.pyfiles. - Boundary markers: None explicitly defined to isolate the target code from the skill's operational logic.
- Capability inventory: Extensive capabilities including shell access (via
dockerandcurl) and the ability to modify local source code files. - Sanitization: No specific sanitization or filtering of the ingested source code is described.
Audit Metadata