skill-evolution
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines a 'Skill generation loop' where the agent is instructed to execute generated code solutions to verify correctness and run local validation scripts (
./ci/utils/validate_skills.shand./ci/test_skills_assets.sh) before proposing updates. - [PROMPT_INJECTION]: The skill facilitates a mechanism for indirect prompt injection (Category 8) by modifying its own instructions based on external data from user interactions. \n
- Ingestion points: User corrections and problem-solving retries are ingested as training data for skill updates. \n
- Boundary markers: The skill uses explicit boundary markers (
<!-- skill-evolution:start -->) to tag and delimit generated content for review, though it lacks specialized delimiters for incoming user feedback. \n - Capability inventory: The skill possesses the capability to modify local instruction files (
SKILL.md), write new Python scripts (assets/*.py), and execute shell-based validation tools. \n - Sanitization: Security is maintained through a mandatory adversarial reasoning checklist, a requirement for explicit user approval before any changes are persisted, and the enforcement of non-negotiable rules that prevent the adoption of instructions which would expand permissions or weaken safety filters.
Audit Metadata