skill-improver
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands (
ls,mv,mkdir,find,grep) to manage feedback files and create summaries within the.claude/directory. - [PROMPT_INJECTION]: Indirect prompt injection risk: The skill's primary function involves reading external feedback data and using it to rewrite other skill files.
- Ingestion points: Processes files matching
.claude/feedback/retro-*.md, which are intended to contain user-provided or system-generated feedback. - Boundary markers: There are no specified boundary markers or instructions to disregard malicious directives embedded within the feedback files.
- Capability inventory: The skill can read/move files and modify the text content of other skills, which directly influences agent behavior.
- Sanitization: The process lacks a validation or sanitization step to ensure that the feedback does not contain adversarial instructions meant to be 'learned' by other skills.
Audit Metadata