skill-evolver
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted trace data which acts as a vector for indirect injection.
  - Ingestion points: Untrusted data is ingested from `traces.json` via `scripts/extract_issue_context.py` and referenced workflow steps.
  - Boundary markers: None. The skill lacks delimiters or safety instructions to separate untrusted trace content from the agent's internal logic.
  - Capability inventory: The skill is explicitly authorized to modify and overwrite executable Python scripts in the `scripts/` directory.
  - Sanitization: None. The skill does not perform validation or sanitization of trace content before using it to generate code modifications.
- Dynamic Code Modification (LOW): The skill performs automated script modification (Category 10). While this is the primary intended purpose of the skill, it creates a powerful capability that can be misdirected by adversarial inputs in the execution traces.
- Missing Component (SAFE): The script `scripts/analyze_traces.py` is referenced in the workflow but was not provided in the source files, preventing a full audit of the primary analysis logic.
Audit Metadata