self-improvement

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs shell commands such as 'find', 'grep', and 'cat' against existing skill files in the project directory to discover and analyze them.
  • [COMMAND_EXECUTION]: The skill ships a shell script ('scripts/create-skill.sh') and inline bash instructions that let the agent create new directories and Markdown files on the local filesystem.
  • [EXTERNAL_DOWNLOADS]: The 'Upstream Source Sync Workflow' fetches content from 'raw.githubusercontent.com/databricks-solutions/ai-dev-kit'. This is documented as a vendor-owned resource matching the skill's author and is treated as a trusted source. Note that content served from a branch or tag on raw.githubusercontent.com is mutable, so unless the sync pins a specific commit, what is fetched can change between runs.
  • [PROMPT_INJECTION]: The skill contains strong instructional directives (e.g., 'MANDATORY', 'ALWAYS') that prioritize its own self-improvement logic over other agent behaviors.
  • [PROMPT_INJECTION]: Indirect prompt injection surface: the skill processes external data from upstream repositories and local execution history to generate or modify agent instructions.
    1. Ingestion points: 'data_product_accelerator/skills' and 'github.com/databricks-solutions/ai-dev-kit'.
    2. Capability inventory: file system read/write, directory creation, and command execution.
    3. Sanitization: the creation script performs basic alphanumeric normalization on user-provided skill names.
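The two places a reviewer would want a concrete check are the skill-name normalization in the creation script and the upstream fetch. The following is an added example, not the audited skill's own 'scripts/create-skill.sh' or sync workflow: it shows what a skill-name sanitizer that also refuses path traversal looks like, and a check that an upstream URL pins a 40-hex commit rather than a mutable branch. The function names, the 64-character length cap, and the sample inputs (including the placeholder commit hash) are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example; not code from the audited skill.

# sanitize_skill_name NAME
# Lowercases NAME, replaces every character outside [a-z0-9] with '-',
# trims and collapses dashes, and rejects empty or over-long results.
# Because the output is confined to [a-z0-9-], it cannot contain '/' or
# '..', so "$SKILLS_ROOT/$name" can never escape the skills directory.
sanitize_skill_name() {
  name=$(printf '%s' "$1" \
    | tr 'A-Z' 'a-z' \
    | tr -c 'a-z0-9' '-' \
    | sed 's/^-*//; s/-*$//; s/--*/-/g')
  if [ -z "$name" ] || [ "${#name}" -gt 64 ]; then   # 64 is an assumed cap
    return 1
  fi
  printf '%s\n' "$name"
}

# skill_target_path ROOT NAME
# Builds the directory path the creation step would use, or fails if NAME
# does not sanitize. Callers create the directory only on success.
skill_target_path() {
  clean=$(sanitize_skill_name "$2") || return 1
  printf '%s/%s\n' "$1" "$clean"
}

# is_pinned_ref URL
# Succeeds only if URL is a raw.githubusercontent.com URL whose ref
# segment is a full 40-hex commit SHA (immutable), not a branch or tag.
is_pinned_ref() {
  printf '%s\n' "$1" \
    | grep -Eq '^https://raw\.githubusercontent\.com/[^/]+/[^/]+/[0-9a-f]{40}/'
}

# Demonstration on constructed inputs (only runs when executed directly).
if [ "${DEMO:-0}" = "1" ]; then
  skill_target_path /tmp/skills 'My Skill!!'
  skill_target_path /tmp/skills '../../etc/passwd'
  is_pinned_ref 'https://raw.githubusercontent.com/databricks-solutions/ai-dev-kit/main/README.md' \
    && echo pinned || echo 'not pinned (branch ref)'
fi
```

The traversal input '../../etc/passwd' does not error out; it is flattened to 'etc-passwd', which is the behaviour you want from a normalizer feeding a path join. The pin check is deliberately strict: a tag name is also mutable, so only a full commit hash passes.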
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 02:33 AM