skills/somtougeh/dotfiles/heal-skill/Gen Agent Trust Hub

heal-skill

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform directory listings and git operations. These actions are scoped to the project's skills directory and are used for identifying affected files and committing approved changes.
  • [PROMPT_INJECTION]: The skill derives instruction updates from untrusted conversation history and error logs, which presents an indirect prompt injection surface. This capability is inherent to its primary purpose of fixing skills, and the risk is mitigated by a mandatory manual approval step before any edits are applied.
      • Ingestion points: Reads external conversation context, error logs, and existing SKILL.md files.
      • Boundary markers: No explicit delimiters are specified for separating untrusted data from the repair logic.
      • Capability inventory: Includes the Edit tool for rewriting instructions and Bash for version control.
      • Sanitization: Relies on human verification via the AskUserQuestion tool prior to execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 07:09 AM