improve-processes
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: The 'Session Reflection' phase (Step 1) ingests the entire conversation history to identify patterns and friction points.
- Boundary markers: The instructions do not specify any delimiters or safety warnings for the agent to ignore instructions embedded within the conversation data being analyzed.
- Capability inventory: The skill utilizes Write and Edit tools to modify files in sensitive directories, including .claude/agents/ (system prompts) and .claude/skills/ (executable logic/workflow steps).
- Sanitization: No sanitization of the reflected data is performed before it is used to generate file modifications. However, the skill implements a 'Human-in-the-loop' (HITL) checkpoint in Step 3, requiring user approval before any changes are applied.
- Dynamic Execution (LOW): The skill facilitates self-modifying code behavior (Category 10) by allowing the agent to write and edit its own skill definitions and agent specializations. While this is the primary intended purpose of the skill, it represents a high-privilege capability that could be abused to introduce persistent backdoors if the user approves a malicious suggestion. The severity is lowered due to the intended purpose and HITL requirement.
Audit Metadata