update-skills
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Instruction Generation from Session Data]: The skill facilitates the creation and modification of agent instructions based on session learnings. While this is its primary purpose, there is a security consideration regarding indirect prompt injection. If the agent processes malicious data (such as code or pull request comments) and identifies it as a 'learning', that malicious content could be persisted into the repository's instructions, potentially influencing future agent sessions.
- Evidence: The procedure involves identifying learnings from the session and writing them to `.github/skills/` or `.github/instructions/`.
- [Shell Command Execution]: The skill utilizes standard shell commands to manage and search for existing repository knowledge. These operations are limited to listing and searching within specific, expected directories.
- Evidence: Usage of `ls .github/skills/`, `ls .github/instructions/`, and `grep -r` to identify existing content.