skill-reinforcement
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an automated feedback loop that modifies local instruction files based on task outcomes and user feedback, creating a surface for Indirect Prompt Injection. Ingestion points: Processes task outcomes, discoveries, and user feedback as described in the Reinforcement Process and Automation Hooks sections of SKILL.md. Boundary markers: The skill lacks delimiters or instructions to ignore embedded malicious content within the analyzed data. Capability inventory: The skill uses 'cat' and 'Edit' tools to modify instructions in the .opencode/skill/ directory (as noted in SKILL.md). Sanitization: No sanitization or validation of 'learnings' is specified before they are appended to instruction files.
- [PROMPT_INJECTION]: The instructions use high-pressure directives like 'Always and Automatically' and 'UPDATE IMMEDIATELY' which attempt to override standard agent operational flow.
Audit Metadata