skill-evolution
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill configures global hooks (PreToolUse, PostToolUse, Stop) that trigger shell scripts for every agent action. While the scripts are local to the skill, this design pattern creates a broad execution surface.
- [PROMPT_INJECTION] (LOW): The skill extracts information from tool outputs to generate 'evolution candidates.' This creates an indirect prompt injection surface where malicious or unexpected command output could be logged and later used to influence the AI's suggestions for skill modifications.
- [DATA_EXFILTRATION] (SAFE): Although tool outputs ($TOOL_OUTPUT) are logged to the local disk, which may include sensitive information if a command prints secrets, there are no network operations detected to exfiltrate this data.
Audit Metadata