self-improvement
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill establishes a learning loop that ingests data from user feedback and command errors, which is then used as instructional context for future sessions.
- Ingestion points: Writes to and reads from
.learnings/LEARNINGS.md,.learnings/ERRORS.md, and.learnings/FEATURE_REQUESTS.md. - Boundary markers: Data is organized via Markdown headers but lacks explicit boundary markers or 'ignore' instructions to prevent the agent from executing malicious commands stored in the logs.
- Capability inventory: The skill provides shell scripts for file creation (
extract-skill.sh) and JS/TS handlers that inject content into the agent's bootstrap cycle. - Sanitization: No validation or escaping is applied to user-provided corrections or error logs before they are written to the persistent store.
- [EXTERNAL_DOWNLOADS]: The documentation references installation from external repositories.
- Evidence:
SKILL.mdcontains instructions forgit clonefromgithub.com/peterskoett/self-improving-agent.gitand use of theclawdhubinstaller. - Context: These references are for the installation of the skill's own source code and target a well-known service (GitHub).
Audit Metadata