self-improving-agent
Pass
Audited by Gen Agent Trust Hub on Jul 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an automated 'promotion' mechanism that transitions content from error logs and user interactions into project-wide instruction files, which serves as a functional indirect prompt injection surface.
- Ingestion points: Reads error messages, tool failure outputs, and user corrections as documented in
references/guide.md. - Boundary markers: The skill uses structured headers (e.g.,
## [LRN-YYYYMMDD-XXX]) but does not implement specific delimiters to isolate potentially malicious instructions within the captured content. - Capability inventory: The skill has instructions to modify core project configuration files including
CLAUDE.md,.memoire/configs, and.github/copilot-instructions.md. - Sanitization: Instructions explicitly advise the agent to avoid storing secrets or personal data, though no specific sanitization or escaping is mandated for instructions contained within external error messages.
- [COMMAND_EXECUTION]: The skill provides instructions for using standard shell utilities and the vendor's own CLI tool for project management.
- Evidence: Usage of
mkdir -p .memoire/learningsfor setup,grepfor pattern discovery, and thememiCLI for skill installation and management.
Audit Metadata