continuous-improvement

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It reads content from project-specific files and incorporates them into the prompts of spawned subagents without adequate sanitization.
  • Ingestion points: In SKILL.md, the orchestrator reads .claude/rules/continuous-improvement.md and passes it to subagents. Additionally, subagents ingest project source code and runtime logs as part of the testing cycle described in references/testing-methodology.md.
  • Boundary markers: The instructions use markdown blocks but lack explicit "ignore embedded instructions" warnings or robust delimiters to prevent the agent from obeying commands found within the ingested project data.
  • Capability inventory: The agents can spawn further subagents (Agent tool), interact with GitHub repositories (gh CLI), and execute the project's own code (cargo run).
  • Sanitization: No validation or sanitization of external file content is performed before interpolation into agent prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 05:55 PM
Security Audit — agent-trust-hub — continuous-improvement