self-improvement
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a workflow to ingest untrusted data from user corrections and tool error outputs into persistent storage, which is later used to modify agent behavior.
  - Ingestion points: Untrusted data enters the system through the logging of user-provided corrections and external command/API error outputs into the .learnings/ directory as described in SKILL.md.
  - Boundary markers: The logging format uses structured Markdown headers (e.g., ### Summary, ### Details), but these do not explicitly prevent the agent from following instructions embedded within the logged data.
  - Capability inventory: The skill possesses the capability to write to the local filesystem and execute shell scripts (such as scripts/extract-skill.sh) to manage and promote learnings.
  - Sanitization: There is no evidence of sanitization, escaping, or validation of the captured content before it is interpolated into files or promoted to project-level instructions.
- [COMMAND_EXECUTION]: The skill provides the scripts/extract-skill.sh script which the agent is instructed to run. This script performs filesystem operations like creating directories and files based on predefined templates and user-provided names.