play
Warn
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains 'Self-Evolving Skill' and 'Post-Execution Reflection' instructions that direct the agent to modify its own definition in SKILL.md. This pattern allows for persistent behavior modification through instructions encountered during execution.\n- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform system checks, find files via Glob, and interact with the terminal environment (asciinema and iTerm2 via AppleScript).\n- [PROMPT_INJECTION]: Indirect injection risk factor analysis:\n
- Ingestion points: The skill processes external .cast files provided via user arguments or discovered through the Glob tool.\n
- Boundary markers: No boundary markers are used to isolate the contents of the terminal recordings from the agent's control logic.\n
- Capability inventory: The agent possesses the Bash tool and is explicitly authorized to write to its own instruction file (SKILL.md).\n
- Sanitization: There is no mechanism to sanitize or validate the content of processed recordings, meaning malicious terminal output could trick the agent into applying 'fixes' to the skill that contain malicious instructions.
Audit Metadata