improve-skill
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Categories flagged: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The skill analyzes untrusted conversation history to modify the logic and instructions of other skills.
  * Ingestion points: Conversation history and the 'user-input' parameter in SKILL.md.
  * Boundary markers: Absent; the agent is instructed to treat conversation history as a factual source for 'course corrections'.
  * Capability inventory: Permission to edit SKILL.md and files in the scripts/ directory across all installed skills.
  * Sanitization: Absent; relies on LLM reasoning and user confirmation.
- DATA_EXFILTRATION (LOW): Potential Path Traversal. The skill-name input is used to construct file paths (e.g., under ~/.claude/skills/). If the agent does not sanitize this input, it could read or attempt to modify files outside the intended skills directory.
- COMMAND_EXECUTION (LOW): Dynamic Code Modification. The skill is explicitly designed to 'Update scripts if they produced wrong output'. While this is the intended purpose, the automated modification of executable code based on natural language feedback is a high-risk capability that could be exploited to introduce malicious logic into other skills.
Audit Metadata