skill-improvement
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- Command Execution (LOW): The skill executes shell commands (git add, git commit, git push) to manage version control. While these are primary to the skill's purpose, they represent a vector for local command execution.
- Data Exfiltration (LOW): The skill transmits local skill files to an external repository (diegocanepa/agent-skills). This is the intended behavior but constitutes data movement to a non-trusted third-party repository.
- Indirect Prompt Injection (LOW): The skill processes untrusted data from the conversation to modify skill files, creating a surface for persisting malicious instructions.
  - Ingestion points: Conversation history and user feedback in Step 3.
  - Boundary markers: Absent; no delimiters or ignore-instructions warnings are used when processing conversation context.
  - Capability inventory: File write access to the skills directory, vcs-commit and vcs-change-request tools for remote persistence.
  - Sanitization: Absent; the skill directly incorporates patterns and steps identified in the conversation into the target file without validation.