heal-skill
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it determines how to 'heal' a skill by analyzing untrusted conversation data, such as reported error messages or snippets of external documentation.
- Ingestion points: Step 1 (conversation history) and Step 2 (discovery method/error logs).
- Boundary markers: None are defined to separate instruction from data.
- Capability inventory: Utilizes 'Edit' for file modification and 'Bash' for git commits.
- Sanitization: No explicit sanitization is present, but the process enforces a 'request_approval' step (Step 5) which acts as a manual human-in-the-loop filter.
- [COMMAND_EXECUTION]: The skill employs the Bash tool to execute 'ls' and 'git' commands. These are used for directory navigation within the local skill repository and version control management.
- [SAFE]: No obfuscated content, hardcoded credentials, data exfiltration patterns, or persistence mechanisms were detected in the skill code.
Audit Metadata