self-improving-agent

Pass

Audited by Gen Agent Trust Hub on Jul 15, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements an automated 'promotion' mechanism that transitions content from error logs and user interactions into project-wide instruction files, which serves as a functional indirect prompt injection surface.
  • Ingestion points: Reads error messages, tool failure outputs, and user corrections as documented in references/guide.md.
  • Boundary markers: The skill uses structured headers (e.g., ## [LRN-YYYYMMDD-XXX]) but does not implement specific delimiters to isolate potentially malicious instructions within the captured content.
  • Capability inventory: The skill has instructions to modify core project configuration files including CLAUDE.md, .memoire/ configs, and .github/copilot-instructions.md.
  • Sanitization: Instructions explicitly advise the agent to avoid storing secrets or personal data, though no specific sanitization or escaping is mandated for instructions contained within external error messages.
  • [COMMAND_EXECUTION]: The skill provides instructions for using standard shell utilities and the vendor's own CLI tool for project management.
  • Evidence: Usage of mkdir -p .memoire/learnings for setup, grep for pattern discovery, and the memi CLI for skill installation and management.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 15, 2026, 09:48 PM