doctor
Warn
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to modify its own source code ("Self-Evolving Skill", "fix this file immediately"). This allows the agent to permanently alter its own instructions, creating a risk of persistent behavioral change.
- [COMMAND_EXECUTION]: The skill uses `bash` to perform system service management tasks, including `launchctl bootout` and file deletion of `.plist` configuration files. It also dynamically sources script files from paths determined by environment variables.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
- Ingestion points: Reads sensitive user transcripts from `~/.claude/projects` (SKILL.md).
- Boundary markers: None present; the skill does not use delimiters or instructions to ignore embedded commands in the transcripts.
- Capability inventory: The skill can execute arbitrary shell commands via `bash` (SKILL.md) and modify its own source code.
- Sanitization: No sanitization or validation of the transcript content is performed.
- Risk: Malicious instructions embedded in user transcripts could trigger the agent to modify its own source code with harmful logic.
Audit Metadata