self-improvement
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes several shell scripts (scripts/activator.sh, scripts/error-detector.sh, scripts/extract-skill.sh) designed to automate learning reminders and facilitate skill scaffolding.
- [COMMAND_EXECUTION]: scripts/extract-skill.sh performs file system operations, including directory creation (mkdir -p) and template-based file generation. It implements validation logic to prevent the use of absolute paths or directory traversal segments (..) in output paths.
- [PROMPT_INJECTION]: The skill implements a feedback loop that creates a surface for indirect prompt injection. It captures untrusted data (user corrections, tool error messages) and stores it in .learnings/*.md files, which are intended to influence the agent's behavior in future sessions.
  - Ingestion points: User input (corrections/feature requests) and tool output (captured via the CLAUDE_TOOL_OUTPUT environment variable in error-detector.sh).
  - Boundary markers: The skill uses structured Markdown templates with headers (e.g., ### Summary) and metadata fields to delimit content.
  - Capability inventory: The skill includes scripts for file system manipulation and is intended to run in environments with CLI tool access.
  - Sanitization: No explicit sanitization or escaping of captured content is performed before logging to the markdown files.
Audit Metadata