self-improvement
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill creates a persistent feedback loop where the agent modifies its own instruction set based on observations and user feedback.
  - Ingestion points: Data is collected from user corrections, error messages, and tool outputs (accessed via the `CLAUDE_TOOL_OUTPUT` environment variable in `scripts/error-detector.sh`).
  - Boundary markers: Absent. The skill does not use specific delimiters or instructions to ignore potential malicious payloads within the captured text.
  - Capability inventory: The skill can modify core project instruction files (`CLAUDE.md`, `SOUL.md`, `AGENTS.md`) and generate new skill structures using the `scripts/extract-skill.sh` utility.
  - Sanitization: Absent. There are no mechanisms in the logging or promotion logic to filter, escape, or validate the content against instruction injection attempts.
- [COMMAND_EXECUTION]: Includes several shell scripts (`activator.sh`, `error-detector.sh`, `extract-skill.sh`) intended to be executed by the agent's host environment.
  - `extract-skill.sh` automates the creation of directory structures and files. It includes basic regex validation for the skill name to mitigate path traversal risks.
- [EXTERNAL_DOWNLOADS]: Documentation provides installation instructions that reference a third-party registry (`clawdhub.ai`) and a personal GitHub repository (`github.com/peterskoett/self-improving-agent`).
Audit Metadata