skill-forge-evolve

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute several local Python scripts (e.g., scripts/generate_eval_set.py, scripts/optimize_description.py, scripts/validate_skill.py) and custom shell commands (e.g., /skill-forge eval, /skill-forge benchmark). These commands are used to automate the diagnosis and improvement of skill logic and descriptions. Additionally, the skill is designed to modify local files, including SKILL.md and install.sh, as part of its evolution workflow.
  • [PROMPT_INJECTION]: The skill processes user-provided feedback, benchmark results, and execution logs to diagnose issues. This data is an indirect prompt injection surface: malicious instructions embedded in the analyzed data could influence the agent's behavior during the improvement process.
  • Ingestion points: Reads data from feedback.json, evals.json, and system logs (SKILL.md).
  • Boundary markers: No explicit instructions or delimiters are provided to the agent to treat this ingested content as untrusted data.
  • Capability inventory: The skill has the capability to execute shell commands, run Python scripts, and write to the file system (SKILL.md).
  • Sanitization: There are no mentioned mechanisms for validating or escaping content from external feedback before it is processed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 02:59 AM