self-improving-agent
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface because it processes auto-generated memory files (
MEMORY.md) which contain content derived from potentially untrusted external project data. - Ingestion points: The skill reads and analyzes files within the
~/.claude/projects/directory, specificallyMEMORY.mdand associated topic files. - Boundary markers: There are no explicit delimiters or specific instructions for the agent to ignore potentially malicious embedded instructions within the memory content during the review process.
- Capability inventory: The skill possesses capabilities to read and write to project configuration files (e.g.,
CLAUDE.md,.claude/rules/) and execute bash commands via hooks. - Sanitization: The implementation does not include explicit sanitization of the memory entries before they are summarized or proposed for promotion to enforced rules.
- [COMMAND_EXECUTION]: The skill uses local bash utilities including
grep,wc,ls, andfindto perform audits and generate health metrics for the project's memory system. These operations are scoped to the local environment and the project's own metadata directory.
Audit Metadata