coach
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple local Python scripts (init_coach.py, detect_signals.py, aggregate.py, skill_analyzer.py, apply.py) and system CLI tools (node, npm, python, go, docker, gh) to monitor environment state and check for outdated dependencies.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external tool outputs and error messages to generate behavioral rules.
  1. Ingestion points: Command stderr patterns and tool failure signals captured from execution hooks.
  2. Boundary markers: No explicit delimiters are mentioned to separate untrusted tool output from the generation context.
  3. Capability inventory: The skill can modify CLAUDE.md and repository files via apply.py, which defines future agent behavior.
  4. Sanitization: No explicit validation, escaping, or filtering of captured signals is described before they are aggregated into improvement candidates.