self-improve
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest session context (which may contain untrusted data) and promote it to permanent instruction files.
- Ingestion points: Session history, debugging insights, and pattern detection (SKILL.md).
- Boundary markers: Strong mandatory human-in-the-loop requirement. SKILL.md states: 'Never auto-apply changes. Always get explicit approval.'
- Capability inventory: Writing to CLAUDE.md, SKILL.md, and project memory paths via agent file tools.
- Sanitization: No automated sanitization is described; security relies entirely on the user's manual review of proposed changes.
- No Code (SAFE): The skill consists exclusively of instructional markdown files and contains no executable scripts, binaries, or package dependencies.
Audit Metadata