self-evolve
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a process for the agent to read past execution logs and update its own internal cognitive frameworks. This creates a risk of indirect prompt injection because the agent might inadvertently adopt malicious instructions present in the logs from previous interactions with untrusted external data.
  - Ingestion points: Execution logs, failure records, and memories in the '/memories/' directory.
  - Boundary markers: There are no explicit markers or instructions to treat log data as untrusted or to ignore embedded instructions.
  - Capability inventory: The skill allows the agent to modify internal cognitive files (e.g., 'agent-cognitive-os.md') and delete or archive log files.
  - Sanitization: No sanitization or validation of the ingested log data is performed before it influences the agent's updated guardrails.
Audit Metadata