skill-distill

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The Phase 4 validation workflow involves executing local Python scripts (self_improve.py, orchestrate.py, and evaluate.py) found within the ~/.claude/skills/ directory. These scripts are used to score the structure and execution of the newly generated skill.
  • [PROMPT_INJECTION]: The skill's primary function is to ingest and process the content of other agent skills, which introduces a surface for indirect prompt injection if a source skill contains adversarial instructions.
    ◦ Ingestion points: In Phase 1, the agent reads the full content of SKILL.md and all files in the references/ directory of N source skills.
    ◦ Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded prompts within the source skills being analyzed.
    ◦ Capability inventory: The agent can write new skill files to the filesystem and execute shell commands (via Python) for validation purposes.
    ◦ Sanitization: There is no explicit sanitization or filtering of source content before it is cross-referenced and merged into the final output.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 8, 2026, 03:24 AM