self-improvement
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill manages internal developer workflows and project memory. All file operations and script executions are strictly project-local and do not involve remote data exfiltration, credential harvesting, or unverified remote execution.
- [PROMPT_INJECTION]: The skill introduces a surface for indirect prompt injection by logging user feedback and tool outputs into a local history for future agent reference. This surface is managed through the use of delimited XML tags in automated reminder scripts.
  - Ingestion points: User corrections, command error outputs via `error-detector.sh`, and historical learning files in the `.learnings/` directory.
  - Boundary markers: Automated reminders are wrapped in XML-like tags such as `<self-improvement-reminder>` and `<error-detected>` to assist the agent in distinguishing logged data from instructions.
  - Capability inventory: Local file read/write operations (SKILL.md, .learnings/*.md) and execution of shell scripts (`scripts/extract-skill.sh`, `scripts/activator.sh`) via the agent's hook system.
  - Sanitization: The `extract-skill.sh` script validates input using a strict regular expression to prevent arbitrary command injection or directory traversal.
Audit Metadata