self-improve
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from session logs, tool outputs, and external developer server logs to identify improvement areas.
- Ingestion points: Conversation history, subagent summaries, developer server logs, and test results are processed in Step 1 and Step 2.
- Boundary markers: There are no explicit instructions to the agent to treat embedded instructions in logs or tool outputs as data only.
- Capability inventory: The skill utilizes the todo tool, modifies configuration files (e.g., AGENTS.md, CLAUDE.md), and potentially executes shell commands via the commit skill or while running tests.
- Sanitization: No explicit sanitization or validation of the ingested context is performed before it influences the agent's suggested improvements.
- Mitigation: The risk is significantly mitigated by Step 4, which requires explicit user approval of all suggested improvements before any actions are taken or todos are created.
Audit Metadata