self-improvement
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill implements a self-improvement workflow that processes user feedback and command results into project context, creating an indirect prompt injection surface.
  - Ingestion points: The skill captures data from conversation history and tool execution outputs, storing them in .learnings/LEARNINGS.md, ERRORS.md, and FEATURE_REQUESTS.md.
  - Boundary markers: Logs use structured markdown headers but do not include explicit 'ignore instructions' delimiters for the untrusted content.
  - Capability inventory: The skill can write to the local filesystem and create new skill scaffolds using bash commands and the extract-skill.sh script.
  - Sanitization: No automated filtering or escaping is applied to captured data before it is re-introduced into the prompt context.
- [COMMAND_EXECUTION]: The utility script scripts/extract-skill.sh automates directory and file creation for new skills. It includes validation checks to prevent path traversal outside the intended directory.
- [EXTERNAL_DOWNLOADS]: The documentation references installation via git clone or clawdhub from the developer's GitHub repositories, which are recognized as the primary source for the skill's components.
Audit Metadata