correcting-mistakes

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Prompt Injection] (HIGH): The skill provides a mechanism to directly overwrite instruction files in .claude/skills/ and .claude/commands/. This allows existing constraints to be bypassed by modifying the agent's own source instructions.
  • [Persistence Mechanisms] (HIGH): Modifications to the instruction files are saved to disk and persist across all future sessions, enabling long-term compromise of the agent's functionality.
  • [Indirect Prompt Injection] (LOW): This skill exposes a significant attack surface where untrusted data causing an error can influence the fix applied to the agent's skills. Evidence: (1) Ingestion points: Error messages and solution discovery during skill/command execution. (2) Boundary markers: Absent; no instructions to ignore embedded content in the error context. (3) Capability inventory: File-write to skill/command directories and testing of arbitrary scripts. (4) Sanitization: Absent; no validation of the proposed correction before writing.
  • [Dynamic Execution] (MEDIUM): Step 3 encourages the agent to test fixes by executing scripts or tools. This represents a dynamic execution risk where generated code or commands are run at runtime during the verification phase.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:17 PM