heal-skill
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The skill derives file modifications from untrusted conversation data. * Ingestion points: Processes conversation context, invocation messages, and external documentation (Step 1 and 2) to identify errors. * Boundary markers: Lacks explicit delimiters or instructions to prevent the agent from obeying instructions embedded within the conversation history being analyzed. * Capability inventory: Utilizes the
Edittool for writing to the filesystem andBash(git:*)for repo management, allowing it to persist changes to the agent's behavior. * Sanitization: Includes a mandatory human review and approval step (Step 5) which acts as a primary defense against unauthorized or malicious modifications.
Audit Metadata