adaptation
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill describes an indirect prompt injection surface where the agent's system prompt is rewritten based on external history or feedback.
- Ingestion points: Untrusted 'task_history' and performance reports are processed by an 'optimizer' in the
adaptation_loopfunction within SKILL.md. - Boundary markers: The implementation lacks delimiters or 'ignore embedded instructions' warnings for the feedback history.
- Capability inventory: The
save_prompt()function allows the system to persist and apply modified instructions to its core configuration. - Sanitization: No sanitization or validation of the proposed prompt is shown before persistence.
- [COMMAND_EXECUTION]: The skill proposes a 'Code Evolution' use case where an agent 'refactors' its own helper functions at runtime. This pattern of self-modifying code creates a critical risk if the refactoring logic can be influenced by malicious input strings within the task history. Evidence found in SKILL.md under the 'Use Cases' section.
Audit Metadata