improve-skill

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted data from local skill files and external sources (GitHub via WebFetch and Web search results) to suggest and implement code modifications.
      ● Ingestion points: Local skill files (SKILL.md), GitHub content (agents/ecosystem.md), and Web search results (agents/vendor-docs.md).
      ● Boundary markers: No explicit delimiters or instructions are used to separate data from commands when processing content.
      ● Capability inventory: The skill has extensive permissions including Edit, Write, Bash, Task, WebFetch, and WebSearch.
      ● Sanitization: Content is not validated or sanitized before being used to generate analysis or apply skill edits.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool for local file searching and npx within sub-agents to query the skills registry.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves data from remote sources including GitHub and vendor documentation (Anthropic and OpenAI) to perform its research tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 07:57 AM
Security Audit — agent-trust-hub — improve-skill