self-reflection
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installation instructions require cloning a repository from an unverified GitHub account (https://github.com/hopyky/self-reflection.git) and adding the resulting script to the user's execution path.\n- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection. The agent is instructed to periodically 'read' and 'reflect' on its past lessons stored in a markdown file. If this file is modified by a third party or a malicious process, the agent may interpret injected instructions as valid historical lessons.\n
- Ingestion points: The memory log file (defaulting to ~/workspace/memory/self-review.md) which is read by the agent.\n
- Boundary markers: The markdown format used for logs does not include delimiters or instructions to ignore embedded commands.\n
- Capability inventory: The skill provides tools for reading/writing to the local filesystem and expects the agent to follow directions contained within the log file.\n
- Sanitization: No sanitization, validation, or filtering of the logged content is performed.
Audit Metadata