self-improvement-3
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes shell scripts (activator.sh, error-detector.sh, extract-skill.sh) intended for execution by the agent. These scripts manage automation hooks and file scaffolding. The extract-skill.sh script includes validation to ensure the provided skill name contains only safe characters, preventing command injection.
- [PROMPT_INJECTION]: The skill implements a feedback loop by injecting reminders into the agent's context via shell scripts. These reminders are meta-instructional prompts intended for self-evaluation and do not attempt to bypass safety guidelines or override systemic constraints.
- [SAFE]: Indirect Prompt Injection Analysis. Ingestion points: CLAUDE_TOOL_OUTPUT environment variable in scripts/error-detector.sh. Boundary markers: None present. Capability inventory: mkdir, cat, sed, and awk are used within scripts/extract-skill.sh for file and directory operations. Sanitization: The extract-skill.sh script validates the skill-name argument using a regular expression to ensure it only contains lowercase alphanumeric characters and hyphens. The risk is evaluated as safe because the scripts inject static text reminders rather than dynamic content from the tool output into the model instructions.