self-improvement

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill implements an "Indirect Prompt Injection" surface by creating a feedback loop where the agent logs errors and corrections into log files, which are then "promoted" to core system instruction files like CLAUDE.md, SOUL.md, or AGENTS.md. This allows instructions embedded in untrusted data (like error messages or tool outputs) to be persisted into the agent's core operational guidelines.
      • Ingestion points: Data enters via logs in .learnings/LEARNINGS.md, .learnings/ERRORS.md, and .learnings/FEATURE_REQUESTS.md.
      • Boundary markers: No delimiters or instructions are used to distinguish data from instructions during the review and promotion process.
      • Capability inventory: The agent is empowered to modify system-level instruction files and execute local scaffolding scripts.
      • Sanitization: There is no filtering or validation of the content being logged.
  • [COMMAND_EXECUTION]: The skill includes shell scripts (extract-skill.sh, error-detector.sh, activator.sh) that perform file system operations and monitor tool outputs. The extract-skill.sh script creates new directories and files on the host system. While it includes regex validation for inputs to prevent path traversal, it provides a mechanism for the agent to modify the project structure.
  • [EXTERNAL_DOWNLOADS]: The documentation suggests installing the skill or its components via clawdhub or by cloning from a GitHub repository (peterskoett/self-improving-agent). These are external sources that provide the skill's code.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 08:30 AM