reflection

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it ingests and analyzes user-controlled conversation history to propose configuration changes.
      • Ingestion points: Interaction history and tool failure logs are reviewed for analysis.
      • Boundary markers: No specific delimiters are used to separate user data from analysis instructions.
      • Capability inventory: The skill can propose modifications to other skill definitions and the CLAUDE.md environment file.
      • Sanitization: The skill includes a mandatory confirmation step where the user must review and approve any changes before they are applied, mitigating the risk of unintended behavior modifications.
  • [NO_CODE]: The skill consists exclusively of markdown instructions and metadata, with no accompanying scripts or executable files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 03:10 AM