instinct-import

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill allows the agent to fetch and process data from arbitrary external URLs provided at runtime (e.g., https://github.com/org/repo/instincts.yaml). This facilitates the ingestion of untrusted content into the agent's internal state.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the 'instinct' import process.
    • Ingestion points: The <file-or-url> parameter used in the /instinct-import command in SKILL.md.
    • Boundary markers: The skill documentation mentions format validation but does not describe the use of delimiters or 'ignore' instructions to prevent imported content from being interpreted as commands by the LLM.
    • Capability inventory: The skill utilizes Bash, Read, Write, Grep, and Glob tools, which could be exploited if malicious instincts are imported.
    • Sanitization: While basic format parsing is mentioned, there is no evidence of sanitization against prompt injection or malicious instructions embedded within the YAML files.
  • [COMMAND_EXECUTION]: The skill executes a local Python script ~/.claude/skills/continuous-learning-v2/scripts/instinct-cli.py to handle the import logic, which processes external input provided via the command line.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 04:45 AM