self-improve-prompt-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill provides a template for a workflow that ingests untrusted data from a codebase to update internal expertise files (which serve as agent instructions).
- Ingestion points: Step 3 of the workflow reads various files from the codebase based on the
DOMAIN_PATHSconfiguration. - Boundary markers: The template lacks specific instructions to wrap ingested code content in delimiters (e.g., XML tags) or to include instructions to ignore embedded prompts within the source code.
- Capability inventory: The workflow utilizes
Read,Grep,Glob, andWritetools to analyze files and modify expertise documents in.claude/commands/experts/. - Sanitization: The template includes a 'Validation Check' in Step 7 to parse the generated YAML and ensure syntax validity before writing to disk.
- [Command Execution] (SAFE): The workflow template suggests the use of
git diff --name-onlyto optimize scanning. This is a standard, low-risk command used for tracking file changes in development environments.
Audit Metadata