manage-skills
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill establishes a persistence mechanism by directing the agent to create and update SKILL.md files and executable scripts within the /workspace/skills/ directory, allowing for behavioral changes that persist across sessions.\n- [PROMPT_INJECTION]: The capability to update skills based on 'new lessons' creates an indirect prompt injection surface where untrusted external data could be persisted as part of the agent's long-term instruction set.\n
- Ingestion points: Agent 'lessons' (derived from runtime data) are written to persistent SKILL.md files in /workspace/skills//.\n
- Boundary markers: The instructions do not include requirements for boundary markers or delimiters to ignore instructions within the generated skills.\n
- Capability inventory: The agent can write to the file system and create executable scripts (in scripts/) which are later referenced by the agent's internal logic.\n
- Sanitization: The skill lacks instructions for sanitizing or validating external content before it is incorporated into the persistent skill files.
Audit Metadata