recommend-evolution
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to its design of persisting observation data to agent memory files.
  - Ingestion points: Untrusted data enters the agent context via the `evidence` and `summary` input fields defined in `SKILL.md` and processed by `scripts/main.cjs`.
  - Boundary markers: Recorded evidence is appended to `.claude/context/runtime/evolution-requests.jsonl` and `.claude/context/memory/learnings.md`. The implementation lacks explicit delimiters or instructional warnings to prevent the agent from interpreting instructions that may be embedded in this stored data when it is retrieved in future sessions.
  - Capability inventory: The skill is configured with `Read`, `Write`, `Edit`, and `Skill` tools, enabling it to modify local files and invoke other capability-rich skills such as `artifact-integrator` or `skill-updater`.
  - Sanitization: No sanitization or escaping is performed on the input strings before they are persisted to the filesystem, allowing potential prompt injection payloads to be stored in the agent's long-term memory.
Audit Metadata