self-improving-agent
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill's 'Memory Review Protocol' and 'Promotion' logic create an indirect prompt injection surface. The protocol suggests that agents read from MEMORY.md or topic-specific files and 'promote' successful patterns into core rule files like CLAUDE.md. This could allow malicious instructions placed in the memory log (e.g., via tool output or user interaction) to be elevated to persistent, system-level constraints.
  - Ingestion points: The agent is instructed to ingest data from MEMORY.md and topic files in ~/.claude/projects/.
  - Capability inventory: The agent is granted the capability to modify core configuration files (CLAUDE.md, .claude/rules/) based on this ingested data.
  - Boundary markers: The skill does not define delimiters or instructions to ignore embedded commands within the memory content being processed.
  - Sanitization: There is no requirement for sanitization, validation, or human-in-the-loop verification before content promotion.
- [NO_CODE]: The skill is purely informational and contains architectural patterns and markdown documentation only, without any executable scripts or tool implementations.
Audit Metadata