self-evolution
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides several POSIX shell scripts (
init-scaffold.sh,scan-project.sh,audit-agents.sh,install-hooks.sh) and a JavaScript plugin (opencode-plugin.mjs) for automating project initialization, codebase scanning, and health monitoring. These tools use standard system utilities to manage project-local documentation and configuration. - [EXTERNAL_DOWNLOADS]: The skill documentation recommends the use of external tools for skill discovery and creation, specifically referencing official repositories from trusted organizations like Vercel Labs and Anthropic.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists as the skill is designed to ingest and process untrusted project data (such as code comments and README files) to build its knowledge base.
- Ingestion points: Codebase scanning and deep onboarding phases where the agent reads and analyzes arbitrary project files.
- Boundary markers: Not explicitly implemented in prompt interpolation; the skill relies on the model to differentiate project data from instructions while utilizing a tiered confidence model.
- Capability inventory: Local file system writes and local shell execution (via the provided automation scripts).
- Sanitization: None detected; the skill analyzes project content as-is to extract facts and conventions.
Audit Metadata