autoskill
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it derives new behavioral rules from conversation history. * Ingestion points: The skill analyzes active conversation logs for user corrections and feedback to propose modifications to other skill files. * Boundary markers: The system lacks explicit delimiters for untrusted user feedback but enforces a review flow for human oversight. * Capability inventory: The skill can modify local markdown files and execute git commands. * Sanitization: It uses a signal quality filter (checking for repetition, novelty, and specificity) and requires manual approval before applying changes.
- [COMMAND_EXECUTION]: The skill executes the git commit command to record modifications to skill files if a git repository is detected in the environment.
Audit Metadata