self-improvement
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill includes several management and hook scripts (`extract-skill.sh`, `activator.sh`, `error-detector.sh`) that use shell utilities to process data. Specifically, `extract-skill.sh` creates new directory structures and files using `mkdir`, `sed`, and `awk`. These scripts include appropriate input validation (e.g., regex checks on skill names) to prevent command injection or path traversal.
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface (Category 8) by design, as it instructs the agent to review and adhere to patterns and rules logged in the `.learnings/` directory.
  - Ingestion points: Files located within the `.learnings/` directory, including `LEARNINGS.md`, `ERRORS.md`, and `FEATURE_REQUESTS.md`.
  - Boundary markers: Absent; the instructions do not specify the use of delimiters or 'ignore' instructions when reading stored learnings, which could allow malicious instructions in logs to influence agent behavior.
  - Capability inventory: The skill provides the agent with file-system write access, directory creation capabilities, and shell script execution through the provided hook scripts.
  - Sanitization: Absent; the content retrieved from the logs is processed as instructions for future tasks without validation or filtering.