self-improving-agent

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides several shell scripts for task automation. activator.sh and error-detector.sh are used within agent hooks to monitor and report on session status, while extract-skill.sh automates the creation of new skill directories and files from templates. The extract-skill.sh script includes security checks to prevent directory traversal attacks.
  • [PROMPT_INJECTION]: The skill's primary function is to modify agent behavior over time by 'promoting' logged learnings into persistent context files such as CLAUDE.md or SOUL.md. It also uses hook scripts to inject guidance reminders directly into the agent's prompt during active sessions. This creates a surface for indirect prompt injection:
    • Ingestion points: Tool outputs are captured via error-detector.sh, and user corrections are ingested through prompt interactions.
    • Boundary markers: Logged data is organized using markdown headers but lacks explicit safety delimiters to prevent the agent from potentially obeying instructions embedded within the logged data.
    • Capability inventory: The skill allows the agent to read/write local files and execute the provided helper scripts.
    • Sanitization: While extract-skill.sh validates directory names, the actual content of the error and learning logs is not sanitized for executable instructions or prompt injection patterns.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 08:18 AM
Security Audit — agent-trust-hub — self-improving-agent