skill-optimizer-lawvable
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it identifies 'signals' from user input and incorporates them into the permanent instructions (SKILL.md) of other skills.
- Ingestion points: Conversation history and active session context.
- Boundary markers: Absent; the skill does not use specific delimiters or instructions to prevent the agent from obeying malicious instructions embedded in the 'feedback'.
- Capability inventory: The skill can read and overwrite SKILL.md and CHANGELOG.md files across the skills/ directory.
- Sanitization: Absent; while the skill applies semantic quality criteria (Complete, Precise, Atomic, Stable), it lacks security-focused sanitization to detect or prevent the promotion of adversarial instructions (e.g., jailbreaks or behavioral overrides).
- [COMMAND_EXECUTION]: The skill manages its 'automatic mode' state by executing shell commands (rm, touch) to create or delete a .disabled flag file.
- [PROMPT_INJECTION]: The skill utilizes a shell script hook (scripts/self-improve-hook.sh) to dynamically inject a systemMessage into the agent's context. This mechanism triggers the self-improvement workflow at the end of every session if the hook is installed in the agent's global configuration (.claude/settings.local.json).
Audit Metadata