skill-improve
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It reads content from `.claude/skills/[name]/SKILL.md` to diagnose issues and propose fixes. If the skill being processed contains malicious instructions masquerading as data, the agent might follow them during the analysis phase.
  - Ingestion points: Reads external skill files at `.claude/skills/[name]/SKILL.md` in Phase 3.
  - Boundary markers: Absent. The skill does not use specific delimiters or instructions to ignore embedded commands within the ingested content.
  - Capability inventory: Includes the ability to write to the file system (`Write`) and execute shell commands (`Bash`).
  - Sanitization: No sanitization or validation of the input skill content is performed before the agent processes it for diagnosis.
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to perform git operations (`git checkout`) and execute other platform commands (`/skill-test`). While these are used for the intended purpose of testing and reverting changes, they represent a capability that could be misused if the agent is compromised via indirect injection.
Audit Metadata