self-improving-agent
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface through its self-improvement loop. It ingests data from all interactions and user feedback to update its own instructions and other skill files.
  - Ingestion points: Tool outputs captured via hooks/post-bash.sh and session feedback as described in SKILL.md (Phase 1).
  - Boundary markers: None identified; the skill does not distinguish between trusted and untrusted content during pattern abstraction.
  - Capability inventory: The skill has Read, Write, Edit, Bash, and WebSearch permissions as defined in SKILL.md.
  - Sanitization: No evidence of sanitization or safety filtering for patterns extracted from untrusted tool outputs or web data.
- [COMMAND_EXECUTION]: The skill uses shell hooks (hooks/pre-tool.sh and hooks/post-bash.sh) to log tool activity. This mechanism allows the skill to monitor every bash command and file modification performed by the agent.