skill-generator

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands such as ls, grep, and a specialized tool rtk to inspect and manage files in the .agent/ directory.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection. It is designed to 'extract workflow patterns' from untrusted sources like git history and 'observations' (session logs). Malicious instructions embedded in these data sources could be inadvertently transformed into new agent skills during the generation process.
  • [DATA_EXPOSURE]: The skill accesses internal agent data structures located in .agent/instincts/observations/ and .agent/instincts/personal/*.yaml. While these are part of the agent's own learning mechanism, they may contain logs of sensitive interactions that the generator skill processes to derive new behaviors.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 04:23 PM
Security Audit — agent-trust-hub — skill-generator