self-improvement
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions utilize standard shell commands, including `mkdir -p` to initialize its storage directory and `grep` combined with `wc` to analyze the status of logged entries. These are legitimate file management operations.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection (Category 8) by design.
  - Ingestion points: Untrusted data enters the agent's context through user corrections, API/tool error messages, and feature requests, which are then logged to the `.learnings/` directory.
  - Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the logged content.
  - Capability inventory: The skill performs file writes to markdown files and executes basic subprocess commands (`mkdir`, `grep`, `wc`).
  - Sanitization: There is no evidence of input validation, escaping, or filtering of the external content before it is interpolated into the log files or promoted to project memory files like `CLAUDE.md`.
Audit Metadata