skill-auto-improver
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted instruction files (SKILL.md and referenced markdown files) from a target directory to perform automated edits. This creates a surface for indirect prompt injection, where a malicious skill being 'improved' could contain instructions intended to influence or override the agent's behavior during the loop.
  - Ingestion points: Target skill directory (SKILL.md and files in references/)
  - Boundary markers: Absent (untrusted content is read directly into context)
  - Capability inventory: Bash (executing git, python, and asm tools), Write, and Edit (modifying files in the local repository)
  - Sanitization: Absent (content is used to inform prompts and edits without explicit filtering)
- [COMMAND_EXECUTION]: The skill executes local CLI tools including 'asm', 'git', and 'python' to perform skill evaluation, version control synchronization, and mechanical validation. These operations are essential for its function as a development automation tool.
- [EXTERNAL_DOWNLOADS]: The skill performs 'git fetch' and 'git pull' operations to synchronize the target repository with its remote origin. These network operations are directed by the user's repository configuration.
Audit Metadata