skills/rhuss/cc-spex/evolve/Gen Agent Trust Hub

evolve

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE

PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from project specification files and source code, which could contain malicious instructions intended to manipulate the agent's behavior during reconciliation.
      • Ingestion points: Reads content from local files in the specs/ directory and project source code using commands like cat and fd.
      • Boundary markers: Absent. The instructions do not define clear delimiters or provide warnings to the agent to ignore instructions embedded within the processed file content.
      • Capability inventory: The skill has the ability to modify local files (using vim or echo) and perform Git version control operations (git add, git commit), allowing for persistent changes to the codebase.
      • Sanitization: Absent. The skill does not implement validation or escaping of the content read from files before processing it or using it to generate updates.

Audit Metadata
Risk Level: SAFE
Analyzed: Apr 5, 2026, 04:03 PM