skill-update
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow for the agent to update its own skill files based on 'activities done previously', 'successful techniques', and 'key discoveries' (SKILL.md).\n
- Ingestion points: Execution history, log analysis, and extracted techniques from target interactions.\n
- Boundary markers: Absent. There are no instructions to isolate or delimit learned techniques before incorporating them into the skill's persistent instructions.\n
- Capability inventory: The skill leverages shell capabilities (mkdir, touch, cat) to modify its own directory structure and content (SKILL.md, STRUCTURE.md).\n
- Sanitization: Absent. The skill lacks validation logic to ensure that 'learned' attack patterns do not contain malicious instructions that could manipulate the agent's long-term behavior.\n- [COMMAND_EXECUTION]: The skill includes several shell commands for administrative tasks such as counting lines (wc -l), checking file existence (test -f), and creating directory structures (mkdir). These are standard development tools and pose low risk in the context of skill management.
Audit Metadata