auto-skill-lifecycle-handling
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest untrusted data from user feedback and convert it into persistent instructions (Indirect Prompt Injection surface).
  - Ingestion points: The skill monitors user messages and feedback to identify "stable constraints" and "preferences" for skill extraction (found in SKILL.md prompt section).
  - Boundary markers: There are no instructions or mechanisms defined to use delimiters or ignore embedded instructions when the extracted content is injected into future prompt contexts.
  - Capability inventory: The skill has the capability to generate new SKILL.md files and inject their contents into the LLM's context during subsequent queries.
  - Sanitization: The workflow lacks any sanitization, filtering, or validation steps to ensure that extracted constraints do not contain malicious payloads intended to hijack the agent's behavior in future sessions.
Audit Metadata