skill-improver
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill implements a control loop that requires a specific output marker (<skill-improvement-complete>) to terminate and explicitly instructs the agent to ignore natural language completion signals. This is a functional workflow constraint rather than a malicious instruction bypass.
- [EXTERNAL_DOWNLOADS]: The skill references the Trail of Bits plugin repository as a source for the plugin-dev prerequisite. Trail of Bits is a well-known and reputable security research organization.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to process and modify external skill files, which introduces a surface for indirect prompt injection if the files being reviewed contain malicious instructions.
  - Ingestion points: Absolute file paths to skills provided by the user (e.g., [SKILL_PATH]).
  - Boundary markers: No explicit delimiters are defined to isolate the content of the skill being reviewed from the agent's instructions.
  - Capability inventory: The agent is tasked with reading, analyzing, and modifying (fixing) files on the system.
  - Sanitization: There are no instructions for sanitizing or validating the contents of the files before they are processed by the agent.
Audit Metadata