skill-improver
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection because it processes historical execution data to generate new instructions and code patches.
- Ingestion points: Reads potentially untrusted data from
logs/state.jsonandlogs/events.jsonllocated in therun_dirpath. - Boundary markers: Absent. The skill instructions do not provide methods to distinguish between legitimate log entries and malicious instructions that might have been injected into those logs during a prior run.
- Capability inventory: The skill is designed to suggest modifications to other
SKILL.mdfiles and propose new deterministic scripts, providing a path for malicious instructions to become persistent. - Sanitization: Absent. There are no instructions to sanitize, escape, or validate the content of the logs before they are analyzed for workflow improvements.
Audit Metadata