reflection
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it reads and processes untrusted chat history to derive new instructions.\n
- Ingestion points: Reads chat history and the current CLAUDE.md file.\n
- Boundary markers: Lacks explicit delimiters between user content and analysis logic.\n
- Capability inventory: Employs Edit and git tools to modify and commit repository files.\n
- Sanitization: Implements a human-in-the-loop mitigation by requiring the user to review and approve every change before implementation.\n- [COMMAND_EXECUTION]: The skill uses the git command-line tool to persist changes to the repository, which is a standard part of its workflow for documenting improvements.
Audit Metadata