skill-evolution
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines procedures for corpus-level maintenance using the
skill-graphtoolset. Its behavior is consistent with its stated purpose of systematically auditing and improving project-specific agent skills. - [COMMAND_EXECUTION]: The skill teaches the agent how to execute the
skill-graph evolvecommand with various flags (e.g.,--auto-improve,--continuous). This is the primary intended function of the skill within its workspace. - [EXTERNAL_DOWNLOADS]: The skill references its official project repository (
github.com/jacob-balslev/skill-graph) for grounding and integrity verification. This is a trusted resource provided by the author for project functionality. - [DATA_EXPOSURE_AND_EXFILTRATION]: The skill uses a sidecar file (
audit-state.json) to track the audit status and integrity of the skill library. This is a recognized best practice for maintaining a verifiable chain of trust in agent skill management. - [INDIRECT_PROMPT_INJECTION]: The skill possesses a vulnerability surface as it is designed to ingest and process a library of external skills.
- Ingestion points: Skill library corpus (configured via
--skills-dir). - Boundary markers: Not explicitly defined in instructions for processed content.
- Capability inventory: File modification (
improveoperation), CLI execution (evolve), and script evaluation (evaluaterunner). - Sanitization: Not mentioned in the instructional text. This surface is inherent to the tool's primary purpose of corpus management and does not indicate malicious intent.
Audit Metadata