self-improvement

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill captures untrusted conversational data to modify persistent instruction files such as CLAUDE.md and SKILL.md.
  • Ingestion points: Feedback is triggered by specific phrases like 'actually it should be' or 'remember this'.
  • Boundary markers: The skill does not define specific delimiters for the injected content.
  • Capability inventory: The skill has the ability to read and write repository documentation and executable skill files.
  • Sanitization: The primary defense is a mandatory Phase 3 confirmation step using AskUserQuestion, ensuring no modifications occur without explicit user approval.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 03:02 PM