self-improvement

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes bash scripts (activator.sh, error-detector.sh, extract-skill.sh) intended for use as hooks or utility tools. These scripts monitor tool outputs and scaffold new skill folders, operating directly within the agent's shell environment.
  • [PROMPT_INJECTION]: The skill's architecture is susceptible to indirect prompt injection due to its mechanism for promoting "learnings" to project memory files like CLAUDE.md and AGENTS.md. This allows instructions derived from potentially untrusted data to become persistent across sessions.
  • Ingestion points: Untrusted data enters via .learnings/LEARNINGS.md and .learnings/ERRORS.md, which capture tool outputs and user feedback.
  • Boundary markers: Absent; there are no delimiters or "ignore" instructions used to prevent the agent from executing commands embedded in the logs.
  • Capability inventory: The agent is authorized to modify core system files including CLAUDE.md, AGENTS.md, and SOUL.md based on its logs.
  • Sanitization: Absent; the skill lacks any mechanism to validate or escape logged content before it is promoted to high-priority instruction files.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 01:14 AM