autoskill
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill extracts information from user chat sessions to modify persistent instruction files, creating a potential indirect prompt injection vector.
- Ingestion points: Chat history (user corrections and patterns) used to update SKILL.md files.
- Boundary markers: A mandatory review process is required before modifications are finalized ('Apply high confidence changes?').
- Capability inventory: Writing to SKILL.md files and executing git commit commands.
- Sanitization: No programmatic sanitization is performed; the skill relies on a 'Signal quality filter' and user verification.
- [COMMAND_EXECUTION]: The skill triggers shell commands to commit changes to a local git repository, which is a standard procedure for maintaining version history of skill updates.
Audit Metadata