meta-methodology-improvement-protocol
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE (flagged categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill defines a protocol for the agent to modify its own core instructions and configuration files, specifically .claude/agents/[your-name].md. This capability can be exploited to introduce persistent malicious instructions through the self-improvement workflow.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
  - Ingestion points: The agent is directed to evaluate external 'evidence' such as pull requests, issue reports, and third-party implementations to derive new rules.
  - Boundary markers: The protocol uses XML tags for output formatting but does not implement markers to isolate untrusted external data from the instruction-generation logic.
  - Capability inventory: The skill involves reading internal configuration files and proposing instruction updates. It incorporates a 'Suggest, Don't Apply' safeguard, requiring manual user approval for any changes.
  - Sanitization: No procedures are provided to sanitize or validate the content of the external 'evidence' before the agent integrates it into proposed configuration changes.
- [EXTERNAL_DOWNLOADS]: The skill's metadata references a JSON schema hosted on the agents-inc GitHub organization. This is a neutral reference to the vendor's official configuration infrastructure.
Audit Metadata