skill-auto-update

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a mechanism that can lead to indirect prompt injection by converting untrusted user input into persistent agent instructions.
  • Ingestion points: The skill specifically scans turn context for feedback signals such as 'user corrections, review comments, comments on issues or pull requests' (SKILL.md).
  • Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present to sanitize the input before distillation.
  • Capability inventory: The skill allows the agent to modify or create instructional files, providing a path for injected content to become a durable part of the agent's logic ('Update the narrowest existing skill', 'Create a new skill' in SKILL.md).
  • Sanitization: The skill lacks validation or filtering mechanisms to differentiate between helpful feedback and adversarial instructions designed to override behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 05:17 PM