crucible-meta-governance
Warn
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: MEDIUM [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [DYNAMIC_EXECUTION]: The skill includes 'Self-Evolving Skill' instructions that direct the agent to autonomously update 'SKILL.md' and 'references/evolution-log.md' if it determines that patterns are misleading or require improvement. This establishes a self-modifying instruction pattern.
- [COMMAND_EXECUTION]: The skill provides specific shell command snippets, such as 'mkdir' and 'cp', and instructs the agent to perform file management tasks to move artifacts from temporary locations to persistent storage.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data, including session examples and outputs from other agents, which could influence meta-governance decisions or trigger autonomous updates to the skill's instructions.
- [INDIRECT_PROMPT_INJECTION]: Ingestion points: Untrusted data is read using the 'Read', 'Grep', and 'Glob' tools specified in the frontmatter.
- [INDIRECT_PROMPT_INJECTION]: Boundary markers: The skill does not define delimiters or provide instructions for the agent to disregard commands or instructions embedded within the processed data.
- [INDIRECT_PROMPT_INJECTION]: Capability inventory: Across the instruction set, the agent is granted the ability to modify its own instruction files and execute file system management operations.
- [INDIRECT_PROMPT_INJECTION]: Sanitization: There are no instructions for validating, escaping, or sanitizing external content before it is used to inform decisions or update the skill's logic.
Audit Metadata