skill-evolution
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local shell scripts (
evolution-engine.shandversion-manager.sh) located in the project's .claude/scripts/ directory to perform reporting, analysis, and version rollback operations as documented in evolution-commands.md. - [PROMPT_INJECTION]: The skill implements an Auto-Evolution system that analyzes user-performed edits from .claude/feedback/edit-patterns.jsonl to suggest modifications to skill instructions. This presents an indirect prompt injection risk where adversarial user input could be incorporated into the agent's core skill set.
- Ingestion points: Raw user edits stored in .claude/feedback/edit-patterns.jsonl.
- Boundary markers: The system uses a human-in-the-loop review process via AskUserQuestion before applying changes, but lacks structural delimiters or automated sanitization for the ingested content.
- Capability inventory: Possesses the ability to modify other skills using Write and Edit tools and execute administrative shell scripts.
- Sanitization: Relies on regex matching for categorization, which does not sanitize the underlying content of the edit pattern being suggested for inclusion.
Audit Metadata