rule-updater
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill presents an indirect prompt injection surface by design. It processes data from untrusted external sources (PRs, issues) to generate or update the agent's internal operating rules.
- Ingestion points: The skill explicitly identifies PRs, issues, and user interactions as sources for 'patterns' and 'lessons learned' to be extracted into rules.
- Boundary markers: The skill documentation does not specify the use of delimiters or 'ignore' instructions when processing these external data streams.
- Capability inventory: The skill possesses file-write capabilities within the
.cursor/rules/directory, allowing it to modify the core instructions that govern agent behavior in subsequent sessions. - Sanitization: There is no mention of sanitizing, escaping, or human-in-the-loop validation of the content being promoted from an external issue/PR into a persistent rule file.
Audit Metadata