self-reflection
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates a form of Indirect Prompt Injection by automating the conversion of task observations into persistent agent instructions. If an agent performs a task on a repository containing malicious hidden instructions, this skill might lead the agent to save those instructions as permanent project rules.
  - Ingestion points: The agent's internal reasoning and context after completing a task or debugging session (SKILL.md).
  - Boundary markers: Absent; there are no specific instructions to verify the source of the 'lesson' or to ignore instructions embedded in the data being processed.
  - Capability inventory: The agent is given explicit instructions to write and append to files such as .cursorrules, CLAUDE.md, llms.txt, and to create new markdown files in the skills directory (SKILL.md).
  - Sanitization: Absent; the skill does not describe any validation or sanitization of the content before it is written to the instruction files.
- [COMMAND_EXECUTION]: The skill requires the agent to perform file-system operations, including creating and modifying local configuration files that govern agent behavior across different sessions.
Audit Metadata